Hello FDS users - <br><br>I am learning as I go here so please excuse my ignorance. I have scoured over the Fedora and Redhat docs for Directory Server and read many threads from this list archive concerning Active Directory sync. I'm having trouble putting all the pieces together and would greatly appreciate some guidance from people that have already gone through this process <span class="moz-smiley-s1"><span>:) </span></span><br>
<br>I am in the process of migrating from NIS to LDAP. In our environment we run both Windows and Linux systems. For quite awhile we have been maintaining both NIS and Active Directory. Our goal is to move away from NIS and achieve single sign on for our users. I have installed and configured FDS, converted and imported our NIS maps as ldif. This worked beautifully. <br>
<br>Can I create a sync agreement that only sends passwords from AD->FDS, nothing else and no updates from FDS->AD? <br>I would like to configure our Linux clients to authenticate to AD with kerberos and use FDS as the LDAP server. I understand we need to install the password sync utility on one of our DC's and that when a user changes their password in AD the utility will capture it in plaintext and send to FDS. I also see that FDS and the pass sync have to be configured to share certificates for the SSL connection between them. <br>
<br>Can the sync utility be restricted to one OU within AD? What access within AD is required for the utility to run? Domain Admin rights or can specific rights be delegated? <br><br>I would really appreciate some steps for: configuring SSL on the AD and FDS side. Creating and testing the sync agreement. <br>
<br>Thank you so much for the help!! <br><br>Slat3dx<br><br><br><br>