The AcctSync Approach

Advantages
The Windows PDC has two important components:

The password filter DLL catches Windows user password changes and sends them to a registered script. That script updates the LDAP server.

The OpenLDAP replica running on the Windows machine is a regular OpenLDAP replica and receives all changes made on the master LDAP server. It uses the Perl backend to make updates to the Windows operating system.
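
A password filter DLL is handed each new password in cleartext by LSA, so the list of filters registered on the PDC is worth auditing. The PowerShell check below is an added example, not part of AcctSync; the name AcctSyncFilter is a placeholder for the real DLL name, and the allowlist is an assumption to adjust per host.

```powershell
# Added example: audit the password filters that LSA loads on this machine.
# Run from an elevated 64-bit PowerShell so System32 is not redirected.

# Assumption: 'scecli' is the stock Windows entry; 'AcctSyncFilter' is a
# placeholder for whatever name the AcctSync password filter DLL is registered as.
$Expected = @('scecli', 'AcctSyncFilter')

# Password filters are listed (without the .dll extension) in this REG_MULTI_SZ value.
$LsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$Packages = (Get-ItemProperty -Path $LsaKey -Name 'Notification Packages').'Notification Packages'

$Report = foreach ($Name in $Packages) {
    if ([string]::IsNullOrWhiteSpace($Name)) { continue }

    # LSA resolves each entry to <name>.dll under System32.
    $Dll     = Join-Path $env:SystemRoot "System32\$Name.dll"
    $Present = Test-Path -LiteralPath $Dll

    [pscustomobject]@{
        Package   = $Name
        Expected  = $Expected -contains $Name   # case-insensitive match
        Present   = $Present
        Signature = if ($Present) { (Get-AuthenticodeSignature -LiteralPath $Dll).Status } else { $null }
        SHA256    = if ($Present) { (Get-FileHash -LiteralPath $Dll -Algorithm SHA256).Hash } else { $null }
        Path      = $Dll
    }
}

$Report | Format-List

# Flag entries that are not on the allowlist; record the hash of the
# expected filter so a later replacement of the DLL shows up as a change.
$Unexpected = @($Report | Where-Object { -not $_.Expected })
if ($Unexpected.Count -gt 0) {
    Write-Warning ('Unexpected password filter(s): ' + ($Unexpected.Package -join ', '))
}
```

An in-house filter will normally report NotSigned, which is why the SHA256 column is included as a baseline to compare against on later runs.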

fig. 1 - basic server configuration.


How an LDAP user gets propagated to Windows.


fig. 2 - New users propagate to the Windows domain from LDAP




How a Windows password change gets propagated.

fig. 3 - A user changes their password on a Windows computer


Here is a closer view of the Windows process.

fig. 5 - Password capture process on Windows.
