Hello all,

We have a number of Citrix apps running on w2k and w2k3 servers in a single
AD domain. We have a requirement that eDirectory is used for all
authentication in all applications. But the citrix support guys are anxious
about using ZfD DLU incase the wrong policy is set or a NAL deployment
kills the server.

Apparently Citrix can authenticate users against NDS, but it requires a
user object to exist in the Domain? The citrix guys also want to maintain
user accounts in the domain for application data and roaming profiles. I'm
not sure how the NDS authentication works with Citrix, if anyone knows I'd
like to hear it? Does it just use the Novell client or is it an LDAP thing?

So we were looking at ZfD4 DLU, but I'm not sure if this will create user
accounts in the domain? Has anyone got this to work? And again there are
concerns about rogue policies and NALs.

Otherwise we could use DirXML/IDM but it is alot of work. I have been
reading about DDU in onDemand, but again I don't understand how this works
or if it works with Citrix?

Any ideas on the best course of action.