[389-users] Advantage to synching with AD?

Kwan Lowe kwan.lowe at gmail.com
Fri Mar 5 16:34:40 UTC 2010


2010/3/5 Dumbo Q <dumboq at yahoo.com>:
> I'm a Linux guy, and if it were up to me Windows would not be in my server
> environment.  However, I am in a mixed environment where all Windows servers
> use AD for authentication, and Linux servers have no authentication set up.
>
> My first thought is to use rhds or 389 to sync with AD.  After stewing on
> this for a little bit, I wonder is there any benefit that I will be gaining
> by doing this.
>
> Does anyone have experience and can say why I should do this rather than
> just authenticate to AD?  Again I'd prefer Linux, but I prefer not
> over-complicating core infrastructure more.

I suppose it depends on your AD server. If they can add the
appropriate schemas to seamlessly integrate your systems, and there
are no issues with appropriate authorization and duties, then there is
a case for authenticating directly to AD. An upside if you have a lot
of end users is that your support infrastructure might not have to
deal with password resets and account creation/modification.

On the other hand, if the Linux servers are critical to the business,
you can make a case that if the AD domain goes down, a proxy Linux
LDAP can ensure that at least the Linux systems have no outage (with
appropriate caching, etc.). You also maintain a bit more control over
the auth setup.


