- Configuration (OUD+EUS+PTA) is for customers who did not want to install the dll on their AD server ( I mean EUS DLL Option )
- The PTA workflow element offers a feature allowing to locally store the password hash when a successful bind is executed, thus allowing EUS to work. The big drawback is that the local password copy is created only if the user performs a ldap bind through OUD (meaning that if a user modifies his password in AD , he must also do a ldapbind through OUD in order to refresh the local copy of the password).
- AD uses MS proprietary hash, and besides, it does not allow LDAP clients to read password field. EUS, on the other side, does not perform LDAP bind, but instead reads user’s hashed password, and than compares the hash it produced itself out of clear-text password provided by DB user.
Ref : http://docs.oracle.com/cd/E52734_01/oud/OUDAG/proxy_functionality.htm#BGBDADJE