<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 01/16/2014 08:12 AM, Louis-Marie
Plumel wrote:<br>
</div>
<blockquote
cite="mid:CAG=1xvgP+n1oBTUMmWBepgpU699_qBmaBda5roWxB3WyTtdG8Q@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>Ok ok, i'm going to see what you sent to me . <span
id="result_box" class="" lang="en"><span class="">To be</span>
<span class="">sure,</span> <span class="">is</span> <span
class=""></span> <span class="">389DS</span> <span
class="">may be</span> <span class="">an intermediate</span>
<span class="">between my two actual servers</span><span>?</span></span></div>
</div>
</blockquote>
Not sure what you mean here.<br>
<blockquote
cite="mid:CAG=1xvgP+n1oBTUMmWBepgpU699_qBmaBda5roWxB3WyTtdG8Q@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><span id="result_box" class="" lang="en"><span class="">I
have to keep my actual LDAP</span><span class=""> and </span><span
class=""></span><span class=""></span> <span class="">remain
the</span> <span class="">master</span> <span class="">and
synchronization</span> <span class="">must be a single</span>
<span class="">direction (</span><span>LDAP</span> <span
class="">-</span><span>> AD</span><span>)</span><span>.</span></span></div>
</div>
</blockquote>
389 supports one way sync.<br>
<blockquote
cite="mid:CAG=1xvgP+n1oBTUMmWBepgpU699_qBmaBda5roWxB3WyTtdG8Q@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><span id="result_box" class="" lang="en">Will<span class="">
users</span> <span class="">have to change</span> <span
class="">their password</span><span class="">?</span></span></div>
</div>
</blockquote>
Yes, unfortunately.<br>
<br>
<blockquote
cite="mid:CAG=1xvgP+n1oBTUMmWBepgpU699_qBmaBda5roWxB3WyTtdG8Q@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><span id="result_box" class="" lang="en"><span class="">My
goal is</span> <span class="">that everything will be</span>
<span class="">transparent.<br>
</span></span></div>
</div>
</blockquote>
Then you may want to look into IPA with AD cross domain trust as
Petr suggested.<br>
<blockquote
cite="mid:CAG=1xvgP+n1oBTUMmWBepgpU699_qBmaBda5roWxB3WyTtdG8Q@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><span id="result_box" class="" lang="en"><span class="">
</span></span></div>
<span id="result_box" class="" lang="en"><span class="">regards<br>
</span></span></div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">2014/1/16 Petr Spacek <span dir="ltr"><<a
moz-do-not-send="true" href="mailto:pspacek@redhat.com"
target="_blank">pspacek@redhat.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On 16.1.2014 15:59, Rich Megginson wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
On 01/16/2014 07:57 AM, Louis-Marie Plumel wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello,<br>
<br>
Actually , i work with openldap.<br>
I've installed an AD 2008 R2.My challenge is to work
with both and<br>
synchronise LDAP and AD 2008 R2. After a long research
on the web, i don't<br>
find any information about howto synchronise passwords
. That's why i come<br>
here to see if with 389 DS it's possible or not.<br>
</blockquote>
<br>
Yes.<br>
<a moz-do-not-send="true"
href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Windows_Sync.html"
target="_blank">https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Windows_Sync.html</a><br>
</blockquote>
<br>
</div>
There is also one completely different option: Use trust
between AD and Unix domain. It depends on your requirements
...<br>
<br>
See<br>
<a moz-do-not-send="true"
href="http://www.freeipa.org/page/Trusts" target="_blank">http://www.freeipa.org/page/Trusts</a><br>
<br>
or join mailing list<br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
<br>
Have a nice day!<span class="HOEnZb"><font color="#888888"><br>
<br>
-- <br>
Petr^2 Spacek</font></span>
<div class="HOEnZb">
<div class="h5"><br>
--<br>
389 users mailing list<br>
<a moz-do-not-send="true"
href="mailto:389-users@lists.fedoraproject.org"
target="_blank">389-users@lists.fedoraproject.org</a><br>
<a moz-do-not-send="true"
href="https://admin.fedoraproject.org/mailman/listinfo/389-users"
target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
Louis-Marie Plumel<br>
<a moz-do-not-send="true"
href="mailto:louismarie.plumel@gmail.com" target="_blank">louismarie.plumel@gmail.com</a><br>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">--
389 users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a>
<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</blockquote>
<br>
</body>
</html>