| It is read only and the schema is fixed so there would be no way to
add additional objects or attributes that Entrust would require.
Performance is not bad and using some undocumented features it is
possible to modify attribute names returned via LDAP and adjust which
attributes are indexed and which are used during address check. The
schema that ships with 5.0 seems oddly configured, returning the
directory name instead of the display name to LDAP clients when they
ask for the common name. So in the client you see names like "SmithJ"
instead of John Smith. We are currently tuning the internal V5 server
schema to make it work better.
The latest crop of LDAP enabled mail clients (outlook express,
communicator and Eudora) seem to work ok with Exchange 5.0
(other than the common name issue) since they are all using the same
schema for the base attributes. In fact they work better with
Exchange than they do with the LDAP access to X.500 ELF because of
the schema differences.
There are also several differences in the way Exchange responds to
some LDAP requests such as timeouts, size limits and searches using
filters with bogus attributes. Mildly irritating but all of these can
be worked around one way or another.
|