[389-users] Migration from OpenLDAP and PassSync with AD

Rich Megginson rmeggins at redhat.com
Thu Jul 9 15:03:00 UTC 2009 

Prashanth Sundaram wrote:
> Dear fellow Fedora DS users and experts,
>
> I am working on this new project where there is a two step process. We 
> are currently using a poorly managed OpenLDAP server for over 3 years 
> and planning to migrate to Fedora DS.
>
> Scenario: OPenLDAP=====Migrate all users and passwords===> Fedora DS 
> <----------PassSync------->Windows AD
>           
> Question1: Is it possible to migrate current users (around 300users) 
> from OpenLDAP to Fedora DS along with the UIDs, Security id and 
> passwords. Like everything looks same in users perspective.
>
> Question2: Is is possible to create a password sync between FDS and AD 
> for all the above users. Yes, the username is same in both the 
> directories.
>
>                  Question2.1: The users are stored with different 
> Security IDs in windows environment than in OpenLDAP or FDS. Will that 
> pose a problem?
>        
>                  Question2.2: We have several domain controllers and 
> Active Directory server which run in sync. Since the PassSync can only 
> run on one server, will it be a problem that some passwords do not get 
> sync because the user changed it on XP which redirected to a another 
> server (without PassSync)?
You must install PassSync on all domain controllers.  PassSync can run 
on more than one AD server.  I guess we're not very clear about this in 
the documentation, because it seems to be common misperception that 
PassSync can run on only one server.
>
> If any of you has gone thru these issues and anything more, please 
> respond to this thread or give me links.
>
> Thanks for your help and patience.
> Prashanth
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20090709/52e20c45/attachment.bin>

More information about the 389-users mailing list