[RobertGraham]

We wanted to use LDAP as well, but the current version requires that you import the entire LDAP catalog into the server!!!! Not only is it completely unrealistic for us to import tens of thousands of LDAP entries- two days later several records will change. It's a almost completely useless feature.

I can't understand why this was ever programmed to scale so poorly. There are several examples of lack of forethought on the part of the dev team.

As such, we've decided to use custom IDs. They don't authenticate; they only identify. This is not so much of a problem since it only means unauthorized clients can get the security policy. But, it's certainly not an optimal solution.

My advice: if this is a significant aspect for you: wait until version 7. It might be better.

Are you using HFA03? If not, perhaps trying that will help. In the end, for most organizations, importing large namespaces like this simply isn't feasible.