I work for a University where Microsoft and Unix/Linux products are both heavily present. We currently have both MS Active Directory servers and OpenLDAP servers. We are currently looking at upgraded both of these technologies.
Currently we store all the user's passwords in LDAP (encrypted). Using the "Windows Sync" feature of Fedora DS, is there a way to push the encrypted passwords into Active Directory? Or is it only a AD -> LDAP password push?
Thanks in advance,
Dusty Herrman KEAS Authentication/Directory Engineer Kansas State University djh5983@k-state.edu
Fedora DS password sync is bidirectional. You must create a "Windows Sync" agreement and you have to specify one account with domain admin privileges in that agreement.
You should configure SSL first before the Windows Sync agreement.
Para fedora-directory-users@redhat.co m Dusty Herrman cc djh5983@ksu.edu Enviado por: Asunto fedora-directory-users-b [Fedora-directory-users] Active ounces@redhat.com Directory Password Question Clasificación 27/09/2007 12:08 p.m. Uso Interno
Por favor, responda a "General discussion list for the Fedora Directory server project." <fedora-directory-users@ redhat.com>
I work for a University where Microsoft and Unix/Linux products are both heavily present. We currently have both MS Active Directory servers and OpenLDAP servers. We are currently looking at upgraded both of these technologies.
Currently we store all the user's passwords in LDAP (encrypted). Using the "Windows Sync" feature of Fedora DS, is there a way to push the encrypted passwords into Active Directory? Or is it only a AD -> LDAP password push?
Thanks in advance,
Dusty Herrman KEAS Authentication/Directory Engineer Kansas State University djh5983@k-state.edu
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
======================================================================================== AVISO LEGAL: Esta información es privada y confidencial y está dirigida únicamente a su destinatario. Si usted no es el destinatario original de este mensaje y por este medio pudo acceder a dicha información por favor elimine el mensaje. La distribución o copia de este mensaje está estrictamente prohibida. Esta comunicación es sólo para propósitos de información y no debe ser considerada como propuesta, aceptación ni como una declaración de voluntad oficial de NUCLEO S.A. La transmisión de e-mails no garantiza que el correo electrónico sea seguro o libre de error. Por consiguiente, no manifestamos que esta información sea completa o precisa. Toda información está sujeta a alterarse sin previo aviso.
This information is private and confidential and intended for the recipient only. If you are not the intended recipient of this message you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited. This communication is for information purposes only and shall not be regarded neither as a proposal, acceptance nor as a statement of will or official statement from NUCLEO S.A. . Email transmission cannot be guaranteed to be secure or error-free. Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such. All information is subject to change without notice.
Dusty - The password encryption format is different in FD and AD, so the passwords can't be ported directly from one to the other. Windows Sync makes it possible to synchronize passwords automatically, but it doesn't work until the user changes his or her password. After that, password changes on either system are replicated to the other. One way to deal with this is to force each user to change his or her AD password shortly after you bring up the Windows Sync agreement. -Glenn.
---------- Original Message ----------- From: Dusty Herrman djh5983@ksu.edu To: fedora-directory-users@redhat.com Sent: Thu, 27 Sep 2007 11:08:13 -0500 Subject: [Fedora-directory-users] Active Directory Password Question
I work for a University where Microsoft and Unix/Linux products are both heavily present. We currently have both MS Active Directory servers and OpenLDAP servers. We are currently looking at upgraded both of these technologies.
Currently we store all the user's passwords in LDAP (encrypted). Using the "Windows Sync" feature of Fedora DS, is there a way to push the encrypted passwords into Active Directory? Or is it only a AD -> LDAP password push?
Thanks in advance,
Dusty Herrman KEAS Authentication/Directory Engineer Kansas State University djh5983@k-state.edu
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
------- End of Original Message -------
389-users@lists.fedoraproject.org