On Thu, 2008-01-31 at 14:29 +0100, Tony Earnshaw wrote:
Stefan Palme wrote, on 31-01-2008 14:06:
For a BIG company with thousands of accounts, a real solution would use a real LDAP server, not Microsoft garbage.
That is what I think too - but in this case the existing infrastructure had to be taken as-is, so we had to deal with the AD problems and could not just throw away the AD and replace it with an OpenLDAP server :-)
If this were a large company "with thousands of accounts" and willing to pay for a solution that works, I think I might be looking at at least one dedicated OpenLDAP machine pulling from AD and serving what's necessary of LDAP to clients.
That might lead to a whole lot of schema hassle, but from what you described originally I think maybe not.
Like Howard I was once a confirmed Microsoft user but encountered so much that stuck in my throat on the way that I became a Unix person and looked to giving up Microsoft. In this life I have to look at ways of pulling information from the one and feeding it to the other.
I absolutely agree (I'm afraid we are far off-topic at the moment ;-), but you are speaking to the wrong person... If I had anything to say in that company there would be no MS-based server today. When I had the AD problem I was a kind of student who was paid to solve one very special problem in that company (not directly related to LDAP / AD). Fetching all the users from the AD server was just one step to solve this problem...
What I want to say - I absolutely agree with all of your arguments, but the point is: sometimes there ARE situations where the original problem (the need for paged results) exists - even if the REASON for this need is a poor one (e.g. using MS software for large server installations). When you have to SOLVE the problem, you cannot always start to solve the problems beginning at the root (replacing AD with OpenLDAP), but you have to find a solution that works in the given context (and with the available amount of money ;-)
regards -stefan-