Ok ok, i'm going to see what you sent to me . To be sure, is 389DS may be an intermediate between my two actual servers? I have to keep my actual LDAP and remain the master and synchronization must be a single direction (LDAP -> AD). Will users have to change their password? My goal is that everything will be transparent.

regards

2014/1/16 Petr Spacek <pspacek@redhat.com>

On 16.1.2014 15:59, Rich Megginson wrote:

On 01/16/2014 07:57 AM, Louis-Marie Plumel wrote:

Hello,

Actually , i work with openldap.
I've installed an AD 2008 R2.My challenge is to work with both and
synchronise LDAP and AD 2008 R2. After a long research on the web, i don't
find any information about howto synchronise passwords . That's why i come
here to see if with 389 DS it's possible or not.

Yes.
https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Windows_Sync.html

There is also one completely different option: Use trust between AD and Unix domain. It depends on your requirements ...

See
http://www.freeipa.org/page/Trusts

or join mailing list
https://www.redhat.com/mailman/listinfo/freeipa-users

Have a nice day!

--
Petr^2 Spacek

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
Louis-Marie Plumel
louismarie.plumel@gmail.com