The AcctSync Approach

The Windows PDC has two important components: a password filter DLL and an OpenLDAP replica.
The password filter DLL catches Windows user password changes and sends them to a registered script. That script updates the LDAP server. The OpenLDAP replica running on the Windows machine is a regular OpenLDAP replica and receives all changes made on the master LDAP server. It uses the Perl backend to apply those updates to the Windows operating system.
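A sketch of the "registered script" step described above, as an added example that is not AcctSync's own code: it turns one captured password change into an LDIF modify record for the LDAP server. The stdin handoff, the DN layout, the account-name rule and the {SSHA} storage scheme are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
import re
import sys

BASE_DN = "ou=People,dc=example,dc=com"        # assumption: constructed directory layout
USER_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")  # assumption: allowed account names


def ssha(password, salt=None):
    """Return an OpenLDAP {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(password, stored):
    """Check a password against a stored {SSHA} value in constant time."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def build_ldif(user, password):
    """Build the LDIF modify record that replaces userPassword for one user."""
    # Reject anything that could alter the DN or inject extra LDIF lines.
    if not USER_RE.fullmatch(user):
        raise ValueError("unexpected characters in account name")
    if not password:
        raise ValueError("empty password")
    return (
        f"dn: uid={user},{BASE_DN}\n"
        "changetype: modify\n"
        "replace: userPassword\n"
        f"userPassword: {ssha(password)}\n"
        "-\n"
    )


if __name__ == "__main__":
    # Assumed handoff: account name and password on two stdin lines, never
    # on argv, where other local processes could read them.
    account, new_password = sys.stdin.read().split("\n")[:2]
    sys.stdout.write(build_ldif(account, new_password))
```

The record it prints is in the form `ldapmodify` reads on stdin; the connection to the master should be authenticated and encrypted, since this path carries every changed password.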

fig. 1 - basic server configuration.

How an LDAP user gets propagated to Windows.

fig. 2 - New users propagate to the Windows domain from LDAP

How a Windows password change gets propagated.

fig. 3 - A user changes their password on a Windows computer

Here is a closer view of the Windows process.

fig. 5 - Password capture process on Windows.
