[SAGE] RH directory server or IBM TDS and directory structure in a fairly complex environment
- To: sage-members@xxxxxxxx
- Subject: [SAGE] RH directory server or IBM TDS and directory structure in a fairly complex environment
- From: "Erling Ringen Elvsrud" <erlingre@xxxxxxxxx>
- Date: Tue, 15 Jan 2008 12:50:21 +0100
- Sender: owner-sage-members@xxxxxxxxxx
Hello list,

I work for a fairly large organization and will probably be involved in planning, installing and maintaining an LDAP-based directory service this year. The directory will be mainly used to authenticate developers and systems administrators that need to access RH Linux servers (and also maybe HP-UX in the future). Microsoft AD is used elsewhere in the organization to authenticate users of Windows-based desktop computers. The best solution would be to use AD to authenticate users of Unix computers as well, but I'm not sure if it is possible to make that solution work. We also would like to be able to use the directory for netgroups.

The total solution consists of a couple of hundred servers and maybe around 200 users. The servers are distributed in test, development, pre-prod, prod, etc. environments that are more or less isolated, but it is probably possible to allow communication between servers running the directory service.

We already have licensed IBM TDS, which is used in other parts of the organization, but are also considering purchasing Red Hat Directory Server. We are early in the process. I appreciate any input on those two products as I'm not familiar with either. I have basic LDAP experience from OpenLDAP.

With my limited LDAP experience I expect that the final solution will consist of something like a writeable master (or 2 if possible) accessible from all environments and read-only replicas in most other environments (firewalls are opened to allow communication where needed).

Do you know of any whitepapers or texts describing LDAP-based directory services in environments like the one I have described above?

I would also appreciate hearing any suggestions or experiences you have from similar scenarios.

Thanks,
Erling