Hi,
Andrew Findlay wrote (27.04.2015 21:06):
> On Mon, Apr 27, 2015 at 06:27:39PM +0000, Ross, Daniel B. wrote:
> All of my customers so far have chosen the parallel approach, as that
> allows the Unix LDAP to continue working if it loses access to AD.
> Ideally this includes installing a module on the AD Domain Controllers
> that detects password changes and forwards them immediately to the Unix
> LDAP. I have generally used Microsoft's SFU password-capture module for
> this as AD admins seem happier to install Microsoft code than things from
> other sources. It does have its problems though, and the code quality
> of the Unix end that they provide leaves a lot to be desired. I believe
> newer AD versions come with an updated version of this built in, but I
> have not tested it.
I don't know about AD; I googled around a bit. I found "Identity
Management for UNIX: Password Synchronization" as a successor of SFU. Is
this true?
Is this the thing MS is currently offering:
https://technet.microsoft.com/en-us/library/cc776179%28v=ws.10%29.aspx
Using NIS and installing a PAM module on every machine!?
You can create a slapd overlay that talks to the AD password synch
module to do two-way password synchronization.
--
-- Howard Chu
CTO, Symas Corp.