****Re: ****Re: Linux Administration - Users in (any) database howto/why...

[Craig White]

On Fri, 2009-01-02 at 10:07 -0700, Stephen wrote:
> open-LikeWise will not synchronise as far as i can tell, its more of a
> authentication tool, or the free one is. but if your on a Linux
> machine and need to auth against a Domain its handy.
> 
> It also appears that the next version of freeIPA (2.0) is looking to
> make it less fedora only. which will be very nice. but im unsure of
> that. in any case it is a more complete integration. if you don't mind
> only useing fedora.
----
Samba's winbind daemon is more than capable of providing auth against AD
- that's always been its mission.

LDAP is pretty well defined set of standards and for the most part, the
actual underlying LDAP provider is not material.

Synchronizing an LDAP DSA on Linux with AD (which is after all, LDAP) is
somewhat tricky and as far as I know, only FDS (Fedora Directory Server)
has that capability.

FDS also has a rather nice console application (java based) and some
interesting web applications but it is more painful to set up and is
lower performance than OpenLDAP - which probably doesn't matter for when
you have 1000 accounts or less but when you get into large
organizations, performance is definitely going to matter.

Craig