http://duckdown.blogspot.com/2008/01/common-weakness-in-all-identity.html

This author takes a harsh, but not well-versed, stand in criticizing ALL IdM software packages out there for the lack of integration into various data stores, especially Active Directory. If it were that simple, don't you think all the vendors would do it? Just the fact that the symptom is there for ALL IdM packages should tell you there is MORE to the story, no???

First, check out Gavin's response, a good one - and it saved me from more ranting on here... http://blog.suretecsystems.com/archives/77-A-Common-Weakness-in-all-Identity-Management-Products,-but-not-OpenLDAP.html

First - Active Directory is for INTERNAL users primarily. It is not useful for all IdM initiatives, say for a partner portal or a federated business environment where the user list is NOT your network users.

Second - If you know much about Active Directory, you will know that, first, AD admins don't want you messing with it; you can cause serious problems if you do - extending schemas, custom object classes, etc. pose problems. Plus it's SLOW - HENCE why ADAM exists in the first place, but then why isn't everyone clamouring over the use of ADAM?

Like Gavin Henry says... I encourage this author to take a look at the white paper OpenLDAP wrote (http://symas.com/documents/Adam-Eval1-0.pdf) and you will start to see the limitations and disjointed nature of LDAP compliant directory services and AD.