Dear All,

I finally got 389-ds working with PAM-PTA and everything looks fine so far. I am investigating scripting the AD sync using perl/python/ldapscripts (shell). Does anybody have any advice on the choice? I see Perl’s Net::LDAP is pretty comprehensive, with easy-to-use functions, but I am asking just in case your opinion differs. I have a Perl script which partially does the job and wouldn't mind sharing it if you want to take a peek.

Requirements:
  1. Sync one-way from AD --> LDAP with only POSIX attributes.
  2. Disable/delete accounts in LDAP if disabled/deleted in AD.
  3. Sync groups and their members.

PS: I am a newbie with scripting.

Thanks,
Prashanth
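
The three requirements above, sketched as a dry-run planner in Python. This is an added example, not part of the original message and not the poster's script. The attribute mapping, the use of `nsAccountLock` to disable an entry, the function names and the sample entries are all assumptions or constructed data; no directory is contacted.

```python
ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on a disabled AD account
# AD attribute -> POSIX attribute in LDAP (assumed mapping; adjust to your schema)
POSIX_MAP = {"sAMAccountName": "uid", "uidNumber": "uidNumber",
             "gidNumber": "gidNumber", "unixHomeDirectory": "homeDirectory",
             "loginShell": "loginShell"}

def desired_entry(ad):
    """POSIX-only view of one AD user, plus the 389-ds lock flag."""
    want = {dst: ad[src] for src, dst in POSIX_MAP.items() if src in ad}
    disabled = int(ad.get("userAccountControl", "0")) & ACCOUNTDISABLE
    want["nsAccountLock"] = "true" if disabled else "false"
    return want

def plan_users(ad_users, ldap_users, max_deletes=5):
    """Return (action, uid, attrs) tuples; AD is the only source of truth."""
    if not ad_users:  # a failed bind or search must not wipe LDAP
        raise ValueError("empty AD result; refusing to plan deletions")
    plan = []
    for uid in sorted(ad_users):
        want, have = desired_entry(ad_users[uid]), ldap_users.get(uid)
        if have is None:
            plan.append(("add", uid, want))
            continue
        have = {"nsAccountLock": "false", **have}  # absent lock means active
        diff = {k: v for k, v in want.items() if have.get(k) != v}
        if diff:
            plan.append(("modify", uid, diff))
    gone = sorted(set(ldap_users) - set(ad_users))
    if len(gone) > max_deletes:
        raise ValueError(f"{len(gone)} deletions exceed limit {max_deletes}")
    return plan + [("delete", uid, {}) for uid in gone]

def plan_groups(ad_groups, dn_to_uid):
    """Turn AD 'member' DNs into posixGroup memberUid lists."""
    return {cn: sorted(dn_to_uid[dn] for dn in g.get("member", []) if dn in dn_to_uid)
            for cn, g in ad_groups.items()}

# Constructed sample data, keyed by sAMAccountName / uid.
AD_USERS = {
    "alice": {"sAMAccountName": "alice", "uidNumber": "1001", "gidNumber": "100",
              "unixHomeDirectory": "/home/alice", "loginShell": "/bin/bash",
              "userAccountControl": "512", "mail": "alice@example.com"},
    "bob": {"sAMAccountName": "bob", "uidNumber": "1002", "gidNumber": "100",
            "userAccountControl": "514"},
}
LDAP_USERS = {
    "bob": {"uid": "bob", "uidNumber": "1002", "gidNumber": "100"},
    "carol": {"uid": "carol", "uidNumber": "1003", "gidNumber": "100"},
}
```

`plan_users(AD_USERS, LDAP_USERS)` yields an add for alice (without her `mail` attribute), a lock for bob, and a delete for carol; the empty-result and deletion-limit guards keep a failed AD query from emptying the LDAP tree.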