568 Red Hat Directory Server Administrator’s Guide • May 2005

• Active Directory uses the attribute streetAddress for a user or group’s physical or postal address. Directory Server uses the RFC2798 inetOrgPerson attribute street for this purpose. However, as defined in RFC2256, streetAddress is an alias for street. To compound the confusion, Active Directory also has the street attribute, but it is not an alias for streetAddress but a separate attribute that can hold an independent value. Windows Sync maps streetAddress in Windows to street in Directory Server and therefore precludes the use of the street attribute in Active Directory.

NT4-Specific Limitations

The NT4 LDAP Service attempts to reflect the NT4 NTLM user database (as accessed via the Net API) in LDAP. In general, this works well, but there are some fundamental incompatibilities between LDAP schema and the underlying data store. These incompatibilities are listed below:

• The schema supported by the NTLM database is severely limited compared to Active Directory. There is little support for information beyond username and full name. The missing attributes therefore cannot be synchronized.

• There is no support for the incremental Dirsync found in Active Directory. What this means is that every time the Directory Server performs a synchronization pass, it will pull the complete set of all entries from NT4. This has implications for the consistency of data because if a modification is made to an entry on the Directory Server side and the same entry is read from NT4 in a synchronization operation before the change has been propagated outbound, then the change will be undone.

• There is no support for tombstone entries in NT4. What this means is that entries deleted from NT4 will not be automatically deleted from the Directory Server side. It will be necessary to delete those entries manually.

• NT4 has no surname attribute. However, the inetOrgPerson object class requires that surname have a value. In order to allow the use of the standard person schema with NT4, when new user entries are created in the sync process, they are given a surname attribute value that is equal to the NT user name. This can be changed later by the administrator to the correct value. This issue only applies to new entries created in Directory Server by a sync operation. If the associated Directory Server entry for an NT4 user account already exists, its surname attribute is left unchanged.
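
Because deletions in NT4 are not propagated and new entries receive the NT user name as a placeholder surname, an administrator can audit both conditions from an LDIF export. The following is an added example, not code from the guide: it assumes synced entries carry the ntUserDomainId attribute holding the NT user name, and the LDIF text, the account list and the function names are constructed for illustration.

```python
import base64

# Constructed sample: LDIF export of Directory Server entries created by sync.
SAMPLE_LDIF = """\
dn: uid=jsmith,ou=People,dc=example,dc=com
objectClass: ntUser
ntUserDomainId: jsmith
sn: jsmith

dn: uid=akumar,ou=People,dc=example,dc=com
objectClass: ntUser
ntUserDomainId: akumar
sn: Kumar

dn: uid=oldacct,ou=People,dc=example,dc=com
objectClass: ntUser
ntUserDomainId: OldAcct
sn:: T2xkQWNjdA==
"""
# Constructed sample: account names that still exist in the NT4 domain.
NT4_ACCOUNTS = ["JSmith", "akumar"]

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF entry."""
    entries = []
    # Undo LDIF line folding, then split entries on blank lines.
    for block in text.replace("\n ", "").strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def audit(ldif_text, nt4_accounts):
    """Return (DNs whose NT4 account is gone, DNs with sn == NT user name)."""
    nt4 = {name.lower() for name in nt4_accounts}  # NT names: case-insensitive
    orphans, placeholder_sn = [], []
    for entry in parse_ldif(ldif_text):
        ids = entry.get("ntuserdomainid", [])
        if not ids:
            continue  # assumption: no ntUserDomainId means not a synced entry
        dn, acct = entry["dn"][0], ids[0].lower()
        if acct not in nt4:  # deleted in NT4, still present in Directory Server
            orphans.append(dn)
        if any(sn.lower() == acct for sn in entry.get("sn", [])):
            placeholder_sn.append(dn)  # surname still the sync placeholder
    return orphans, placeholder_sn
```

Entries in the first list are candidates for the manual deletion described above; entries in the second still need their surname corrected.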