Only a subset of attributes is synced between AD and 389 ds.
However, by performing an ldapsearch request against the AD and an ldapmodify on
the corresponding entry in 389 ds, you can create a script which
semi-automatically merges some other attributes.
For password sync, as solarflow said, the Microsoft hash algorithm can't be
used on other systems. This is the reason why the password sync service only
deals with passwords in plain text format, by adding a hook on the password
change event.
From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users-bounces@lists.fedoraproject.org] On behalf of solarflow99
Sent: Tuesday, 15 November 2011 09:45
To: General discussion list for the 389 Directory server project.
Subject: Re: [389-users] Sync UNIX Attributes from AD to 389ds
I meant to say:
can't use the windows password hash
On Tue, Nov 15, 2011 at 12:43 AM, solarflow99 <solarflow99@gmail.com> wrote:
I had a similar setup as yours, for #1 I think I did have to use 389
console to enable posix attributes so the user could log in to linux, I'm not
sure how to make this automatic. For #2 this is because windows passwords
are encrypted differently, and linux can use the windows password hash.
hope this helps..
2011/11/15 Walter Neu <w.neu@eurodata.de>
Hi all,
I have installed a 389ds which sync entries from an Active Directory running on
Windows 2008 R2 Enterprise Server. Everything works fine, even Password Sync.
But I still have 2 problems I can't get solved:
1. It's not possible to sync the UNIX attributes from AD to 389ds.
Any hints?
2. Passwords are not synced during an initial full re-synchronization.
Only password changes on an AD are synced. So I have to reset a user's password
and after that the password will be transmitted to the 389ds.
Best regards
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
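
The ldapsearch/ldapmodify merge suggested in the top reply, as an added example that is not from any poster in the thread: it turns the UNIX attributes read from AD into ldapmodify change records for 389 DS. It assumes AD stores the RFC 2307 attributes uidNumber, gidNumber, unixHomeDirectory and loginShell and that each synced user exists in 389 DS as uid=<sAMAccountName> under a placeholder ou=People,dc=example,dc=com; the function names, host names and bind DNs are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions (not from the thread): AD holds the RFC 2307
# attributes uidNumber, gidNumber, unixHomeDirectory and loginShell, and each
# synced user exists in 389 DS as uid=<sAMAccountName>,$DS_PEOPLE.
DS_PEOPLE="${DS_PEOPLE:-ou=People,dc=example,dc=com}"   # placeholder suffix

# stdin: unwrapped LDIF from AD; stdout: change records for ldapmodify.
# Users missing uidNumber, gidNumber or a home directory are skipped because
# posixAccount requires them. Values that are base64 ("attr:: ...") or fail the
# patterns below (odd account names, relative paths) are never copied into the
# generated DN or LDIF. ADD_CLASS=0 omits the objectClass add for entries that
# already carry posixAccount, where the add would be rejected.
ad_to_ds_ldif() {
    awk -v people="$DS_PEOPLE" -v addclass="${ADD_CLASS:-1}" '
    function val(s) { sub(/^[^:]*: /, "", s); return s }
    function flush() {
        if (sam != "" && uid != "" && gid != "" && home != "") {
            printf "dn: uid=%s,%s\nchangetype: modify\n", sam, people
            if (addclass == 1) printf "add: objectClass\nobjectClass: posixAccount\n-\n"
            printf "replace: uidNumber\nuidNumber: %s\n-\n", uid
            printf "replace: gidNumber\ngidNumber: %s\n-\n", gid
            printf "replace: homeDirectory\nhomeDirectory: %s\n-\n", home
            if (shell != "") printf "replace: loginShell\nloginShell: %s\n-\n", shell
            printf "\n"
        }
        sam = uid = gid = home = shell = ""
    }
    /^$/                                  { flush(); next }
    /^sAMAccountName: [A-Za-z0-9._-]+$/   { sam   = val($0) }
    /^uidNumber: [0-9]+$/                 { uid   = val($0) }
    /^gidNumber: [0-9]+$/                 { gid   = val($0) }
    /^unixHomeDirectory: \//              { home  = val($0) }
    /^loginShell: \//                     { shell = val($0) }
    END                                   { flush() }'
}

# Constructed sample of what the AD search returns (not real data).
sample_ad_ldif() {
    printf '%s\n' 'dn: CN=Alice,CN=Users,DC=ad,DC=example,DC=com' \
        'sAMAccountName: alice' 'uidNumber: 10001' 'gidNumber: 10000' \
        'unixHomeDirectory: /home/alice' 'loginShell: /bin/bash' '' \
        'dn: CN=Bob,CN=Users,DC=ad,DC=example,DC=com' 'sAMAccountName: bob' ''
}

# Live use (host names, bind DNs and file names are placeholders):
#   ldapsearch -LLL -o ldif-wrap=no -H ldaps://ad.example.com -D "$AD_BIND" -y ad.pw \
#     -b "$AD_BASE" '(&(objectClass=user)(uidNumber=*))' sAMAccountName uidNumber \
#     gidNumber unixHomeDirectory loginShell | ad_to_ds_ldif > posix.ldif
#   ldapmodify -H ldaps://ds.example.com -D "cn=Directory Manager" -W -f posix.ldif
```

Review posix.ldif before applying it; the bind accounts only need read access on the AD side and write access to the POSIX attributes on the 389 DS side.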