[Fedora-directory-users] Sync AD and FDS.

[Michael Fernández M]

On Mon, 2008-09-29 at 14:01 -0600, Rich Megginson wrote:
> Michael Fernández M wrote:
> > On Mon, 2008-09-29 at 13:52 -0400, Michael Fernández M wrote:
> >   
> >> On Thu, 2008-09-25 at 14:13 -0600, Rich Megginson wrote:
> >>     
> >>> Michael Fernández M wrote:
> >>>       
> >>>> Hi...
> >>>>
> >>>> I have working this in one way... i mean...
> >>>>
> >>>> If i change a password for an account on ADS this is change on FDS...
> >>>> (good)
> >>>>
> >>>> But it is possible to do it in the other way?, i mean change the
> >>>> password on FDS and then this is change on ADS?
> >>>>
> >>>> Where I have to set the FDS to connect with the ADS in order to change
> >>>> the passwords?
> >>>>   
> >>>>         
> >>> It should just work.  What problems do you see?  Any messages in the 
> >>> error log?
> >>> One thing is that AD requires password changes to be sent over a secure 
> >>> channel, which means you'll need to use TLS/SSL.
> >>>       
> >> Hi.. (thanks for reply...)
> >>
> >> when i run a : 
> >>
> >> /usr/lib/mozldap/ldapsearch -Z -p 636
> >> -P /etc/dirsrv/slapd-justo/cert8.db -h ads_ip -D
> >> "cn=administrator,cn=users,dc=ads,dc=cl" -w lol -s base -b
> >> "ou=users,dc=ads,dc=cl" "objectclass=*" it connect to the ADS by ssl
> >> (636)
> >>
> >> but when i change a pass from FDS, FDS do not change anything on ADS,
> >> tshark does not show packets....
> >>
> >> that's why i ask where i have to configure FDS to connect with the ADS
> >> service....
> >>
> >> However in the other way ADS to FDS works without problems....
> >>
> >>     
> >
> > I think i solved this....
> >
> > I set replica on FDS, but when i change a password (on FDS) for a user
> > that exist on FDS and ADS on the logs i see:
> >
> >  NSMMReplicationPlugin - agmt="cn=windows" (procurador:636):
> > windows_replay_update: failed map dn for modify operation
> > dn="uid=lolo,ou=people,dc=ads,dc=cl"
> >
> > Any ideas?
> >   
> Not sure.  If you have a user that exists in both FDS and ADS, did they 
> already exist that way before you did the initial sync?  If so, the 
> existing user in FDS must have the ntUser objectclass, and must have the 
> attribute ntUserDomainID set to the Windows userid (e.g. the 
> samAccountName).  Then try changing something like the description for 
> the user in FDS or ADS to see if it gets synced across.  Note that you 
> may have to wait up to 5 minutes for changes to go from ADS to FDS (FDS 
> to ADS changes should happen almost immediately).
> 

Yes i created the users in a separated way.
And the user created on FDS have the ntUserDomainID and ntUser
objectclass.

When i modify and attr on ADS this is replicated to FDS, but not on the
other way.... 


> See *http://tinyurl.com/4n3yzo for more information
> *


Thanks!






> > Regards!!!
> >
> > Michael.-
> >
> >
> >
> >   
> >> Thanks!!!
> >>
> >> Michael.-
> >>
> >>
> >>
> >>
> >>
> >>     
> >>>> Thanks in advance!!!
> >>>>
> >>>> Michael.-
> >>>>
> >>>>
> >>>> --
> >>>> Fedora-directory-users mailing list
> >>>> Fedora-directory-users at redhat.com
> >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >>>>   
> >>>>         
> >>> --
> >>> Fedora-directory-users mailing list
> >>> Fedora-directory-users at redhat.com
> >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >>>       
> >> --
> >> Fedora-directory-users mailing list
> >> Fedora-directory-users at redhat.com
> >> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >>     
> >
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >   
> 
> 
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users