Buchan Milne wrote:
There is a feature hidden in ITS that would provide a better solution, allowing for authentication to still work if/when AD is unavailable (due to network issue, firewall issue etc.).
http://www.openldap.org/its/index.cgi/Contrib?id=5042;selectid=5042
The problem with this approach is that it stores a copy of the password within OpenLDAP. Depending on the security policy that's maybe not what one wants.
Ciao, Michael.