[Fedora-directory-users] Help with NIS->FDS & AD migration

solarflow99 solarflow99 at gmail.com
Tue Mar 11 10:01:52 UTC 2008 

i'm struggling just with workgroups in FDS, it would sure be nice if there
was a samba enable section and some explanations.  I see ldapadmin is a
ways ahead of the FDS console for user administration, but i'm seeing some
problems with that.




On 3/10/08, slat3dx slat3dx <slat3dx at gmail.com> wrote:
>
> Ivan -
>
> Thanks for the info!
>
>
>  On Mon, Mar 10, 2008 at 3:15 PM, Ivan Ferreira <iferreir at personal.com.py>
> wrote:
>
> > Please see also:
> >
> > Twenty Questions to Ask Yourself During a Red Hat Directory Server
> > Deployment  by Satish Chetty
> >
> > www.redhat.com/f/pdf/whitepapers/RHDS_TwentyQuestions.pdf
> >
> >
> >
> >
> >
> >
> >
> >  Para
> >
> > fedora-directory-users at redhat.co
> >                                          m
> >       "slat3dx slat3dx"
> >  cc
> >       <slat3dx at gmail.com>
> >       Enviado por:
> > Asunto
> >       fedora-directory-users-b           [Fedora-directory-users] Help
> >       ounces at redhat.com                  with NIS->FDS & AD migration
> >
> > Clasificación
> >       10/03/2008 05:13 p.m.             Uso Interno
> >
> >
> >
> >        Por favor, responda a
> >       "General discussion list
> >       for the Fedora Directory
> >           server project."
> >       <fedora-directory-users@
> >             redhat.com>
> >
> >
> >
> >
> >
> >
> >
> >  Hello FDS users -
> >
> > I am learning as I go here so please excuse my ignorance.   I have
> > scoured
> > over the Fedora and Redhat docs for Directory Server and read many
> > threads
> > from this list archive concerning Active Directory sync.  I'm having
> > trouble putting all the pieces together and would greatly appreciate
> > some
> > guidance from people that have already gone through this process :)
> >
> > I am in the process of migrating from NIS to LDAP.  In our environment
> > we
> > run both Windows and Linux systems.  For quite awhile we have been
> > maintaining both NIS and Active Directory.  Our goal is to move away
> > from
> > NIS and achieve single sign on for our users.  I have installed and
> > configured FDS, converted and imported our NIS maps as ldif.  This
> > worked
> > beautifully.
> >
> > Can I create a sync agreement that only sends passwords from AD->FDS,
> > nothing else and no updates from FDS->AD?
> > I would like to configure our Linux clients to authenticate to AD with
> > kerberos and use FDS as the LDAP server.  I understand we need to
> > install
> > the password sync utility on one of our DC's and that when a user
> > changes
> > their password in AD the utility will capture it in plaintext and send
> > to
> > FDS.  I also see that FDS and the pass sync have to be configured to
> > share
> > certificates for the SSL connection between them.
> >
> > Can the sync utility be restricted to one OU within AD?  What access
> > within
> > AD is required for the utility to run?  Domain Admin rights or can
> > specific
> > rights be delegated?
> >
> > I would really appreciate some steps for: configuring SSL on the AD and
> > FDS
> > side.  Creating and testing the sync agreement.
> >
> > Thank you so much for the help!!
> >
> > Slat3dx
> >
> >
> >
> >  --
> > Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> >
> >
> > ========================================================================================
> > AVISO LEGAL: Esta información es privada y confidencial y está dirigida
> > únicamente a su destinatario. Si usted no es el destinatario original de
> > este mensaje y por este medio pudo  acceder a dicha información por
> > favor
> > elimine el mensaje. La distribución o copia de este mensaje está
> > estrictamente prohibida. Esta comunicación es sólo para  propósitos de
> > información y no debe ser considerada como propuesta, aceptación ni como
> > una declaración de voluntad oficial de NUCLEO S.A.  La transmisión de
> > e-mails no garantiza que el correo electrónico sea seguro o libre de
> > error.
> > Por consiguiente, no manifestamos que esta información sea completa o
> > precisa.  Toda información está sujeta a alterarse sin previo aviso.
> >
> >  This information is private and confidential and intended for the
> > recipient only. If you are not the intended recipient of this message
> > you
> > are hereby notified that any review,  dissemination, distribution or
> > copying of this message is strictly prohibited. This communication is
> > for
> > information purposes only and shall not be regarded neither as a
> > proposal,
> > acceptance nor as a statement of will or official statement from NUCLEO
> > S.A. . Email transmission cannot be guaranteed to be secure or
> > error-free.
> > Therefore,  we do not represent that this information is complete or
> > accurate and it should not be relied upon as such. All information is
> > subject to change without notice.
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> >
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20080311/32e1ff1e/attachment.html>

More information about the 389-users mailing list