Anne Cross wrote:
I'm trying to sync passwords from 389 to Active Directory.
If we import users from AD, then try to change their passwords, the
replication locks up.
Can you be more specific? Have you tried the replication log
level
(which also logs winsync data) -
http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting
If we create the users on 389, and sync them back to AD, the password
field passed back is blank in Windows.
When you create the users on 389, are you
using the clear text password
in the userPassword field?
Passsync isn't going to work because we're running 64bit Windows, so
we can't sync the passwords *from* AD. I got this working earlier,
but that was with FDS in a test instance several months ago, and I
didn't write down what I did. (And I am kicking myself over that.)
We can live without people changing their passwords on AD as long as
we *can* sync passwords down from 389.
We are working on 64-bit Windows support.
The replication manager account on AD has full Directory Admin privs,
so it *does* have the ability to update passwords.
Try it with
cn=administrator,cn=users,dc=yourdomain,dc=com to rule out
any permissions issues.
What am I missing? Our logs are showing us a lot of things that are
not helpful; I will be happy to attach further logs if people can tell
me what to look for, but we've been trying this for two days now, and
we're not any closer than we were when we started.