Stefan Palme wrote, on 31-01-2008 14:06:
>> For a BIG company with thousands of accounts, a real solution would use a real LDAP server, not Microsoft garbage.
> The same as what I think - but in this case the existing infrastructure had to be taken as-is, so we had to deal with the AD problems and could not just throw away the AD and replace it with an OpenLDAP server :-)
If this were a large company "with thousands of accounts" and willing to pay for a solution that works, I think I might be looking at at least one dedicated OpenLDAP machine pulling from AD and serving what's necessary of LDAP to clients.
That might lead to a whole lot of schema hassle, but from what you described originally I think maybe not.
Like Howard I was once a confirmed Microsoft user but encountered so much that stuck in my throat on the way that I became a Unix person and looked to giving up Microsoft. In this life I have to look at ways of pulling information from the one and feeding it to the other.
Best,
--Tonni