That makes perfect sense, as I noticed that the replication agreement I
created was a supplier/consumer agreement between fds and ad; now I have
another question, if a new user is created in ad, since the fds box is
the supplier, how will that uid be replicated to fds?
[mailto:email@example.com] On Behalf Of Nathan
Sent: Tuesday, October 31, 2006 4:44 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Trouble getting windows to talk to
Bliss, Aaron wrote:
I'm a little confused here; what is the purpose of the passsync
(I've successfully created a replication agreement over ssl via
ad). Thanks again.
The PassSync service is only responsible for sending password changes
initiated on the AD side to FDS. Any password that is changed on the
FDS side will be sent to AD over the synchronization agreement along
with other user & group changes. The synchronization agreement will
also pull changes that happened on the AD side over to FDS.
The problem is that AD hashes the password differently than FDS does, so
FDS needs access to the clear-text password. The only way for this to
happen when a password change is initiated on the AD side is to have a
password plug-in installed on the domain controller to get a copy of the
clear-text password. This is exactly what the PassSync service does.
It installs a plugin (passhook.dll) that receives the clear-text
password which passsync.exe sends across to FDS over LDAPS.
Hopefully that clears things up.
The information contained in this electronic message is intended for the exclusive use of
the individual or entity named above and may contain privileged or confidential
information. If the reader of this message is not the intended recipient or the employee
or agent responsible to deliver it to the intended recipient, you are hereby notified that
dissemination, distribution or copying of this information is prohibited. If you have
received this communication in error, please notify the sender immediately by telephone
and destroy the copies you received.