Thierry Lanfranchi wrote:
> I'm in the process of installing a new LDAP directory using FDS,
> and am willing to synchronize the password modifications between AD
> domains and the corresponding users in the LDAP directory. These users
> are not synchronized, but the ntUserDomain attribute is set to the
> corresponding AD account.

Yes, this should work in the AD->FDS direction.
I don't believe that it's a 'supported' configuration, but I think it
should work ok.

> After reading the RH admin guide, I still have a few questions, which
> 1_ Can the Password Sync feature be implemented without having to
> implement synchronization of the accounts between AD and FDS?

In the AD->FDS direction, yes I think so.

> 2_ When you have multiple AD servers per domain, and multiple AD
> domains, how many copies of the PassSync service do you need to
> install? Can the service be installed on only one server per domain,
> or do I need to install it on every server? (I'm no AD guru, so I'm
> not sure how and when the password is definitely encoded on AD).

You only need to install passsync in one place.