The AcctSync Approach
Advantages
- Central user database is LDAP only, not a complicated mix of protocols/systems
(relatively speaking).
- Client computers are unaware of modifications.
The Windows PDC has two important components:
- A Password filter DLL
- An OpenLDAP Server configured as a replica
The password filter DLL catches Windows user password changes and sends them
to a registered script. That script updates the LDAP server. The
OpenLDAP replica running on the Windows machine is a regular OpenLDAP replica
and receives all changes made on the master LDAP server. It uses the
Perl backend to make updates to the Windows operating system.
fig. 1 - basic server configuration.
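Since the password filter DLL described above handles every new password, a routine check on the PDC is to confirm that only the expected filters are registered with LSA. The following is an added example, not AcctSync code: it parses the output of `reg query` for the LSA "Notification Packages" value (the standard Windows registration point for password filters, not named on this page) and compares it with an approved list. The sample output is constructed, and the names `acctsync_filter` and `PWCAP32` are hypothetical.

```python
import re

# Registry value where Windows lists password filter / notification DLLs.
VALUE_NAME = "Notification Packages"

# Constructed sample of the output of:
#   reg query "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v "Notification Packages"
# "acctsync_filter" and "PWCAP32" are hypothetical names, not taken from the page.
SAMPLE_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    Notification Packages    REG_MULTI_SZ    scecli\0acctsync_filter\0PWCAP32.dll
"""


def normalise(name):
    """Lower-case and drop a trailing .dll so names compare reliably."""
    name = name.strip().lower()
    return name[:-4] if name.endswith(".dll") else name


def parse_notification_packages(reg_output):
    """Return the registered package names found in `reg query` output."""
    pattern = re.compile(
        r"^[ \t]*" + re.escape(VALUE_NAME) + r"[ \t]+REG_MULTI_SZ[ \t]*(.*)$",
        re.IGNORECASE | re.MULTILINE,
    )
    match = pattern.search(reg_output)
    if match is None:
        raise ValueError("value %r not found in output" % VALUE_NAME)
    # reg.exe prints REG_MULTI_SZ entries separated by a literal backslash-zero.
    entries = match.group(1).strip().split("\\0")
    return [normalise(e) for e in entries if e.strip()]


def audit(reg_output, approved):
    """Report filters that are registered but not approved, and vice versa."""
    registered = set(parse_notification_packages(reg_output))
    allowed = {normalise(a) for a in approved}
    return {
        "unexpected": sorted(registered - allowed),
        "missing": sorted(allowed - registered),
    }


if __name__ == "__main__":
    # Approved list is an assumption for this sample.
    print(audit(SAMPLE_OUTPUT, ["scecli", "acctsync_filter"]))
```

An entry under "unexpected" is a DLL that sees password changes without being on the approved list; an entry under "missing" means the sync filter is no longer registered and password changes have stopped propagating to LDAP.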
How an LDAP user gets propagated to Windows.
fig. 2 - New users propagate to the Windows domain from LDAP
How a Windows password change gets propagated.
fig. 3 - A user changes their password on a Windows computer
Here is a closer view of the Windows process.
fig. 5 - Password capture process on Windows.