On 27/05/2010 10:25, Benjamin MONTHOUEL wrote:
Hi,
I'd like to know which method is recommended by openldap.org to perform a bidirectional sync with Microsoft Active Directory. This method has to notice that users changed their password by themselves. Kerberos token ???
Thanks for any information.
Hi,
OpenLDAP does not include any mechanism to sync with Active Directory. Both directories have replication mechanisms, but they are incompatible.
I can personally (this is not an "openldap.org recommendation") recommend using a third party tool to synchronize the two directories, such as Ldap Synchronization Connector (LSC), which is designed for exactly this purpose - see http://lsc-project.org.
Hope this helps, Jonathan