[389-users] 389-DSGW and userPassword / sambaNTPassword / sambaLMPassword synchronization
Juan Carlos Camargo
juancar at eprinsa.es
Thu Jul 7 05:39:39 UTC 2011
Apologies for my english :)
Thanks Rob, I'll try that.
El mié, 06-07-2011 a las 09:37 -0400, Rob Crittenden escribió:
> Juan Carlos Camargo Carrillo wrote:
> > Can IPA use 389ds as a replication partner? The idea is to have IPA as
> > a source directory with all of its growing benefits (kerberos, pass
> > sync, windows sync with selected attributes) while keeping faithful to
> > 389ds, simply because that's the solution we're all here for.
>
> I'm not sure I understand the statement "keeping faithful."
>
> This isn't something the IPA developers have tried. You can manually set
> up replication agreement between the two, using SSL would be the
> easiest. You'd probably want it to be a read-only replica.
>
> rob
> >
> > El mar, 05-07-2011 a las 08:43 -0600, Rich Megginson escribió:
> >> On 07/05/2011 07:02 AM, Alexandr Popov wrote:
> >>> Hello!
> >>>
> >>> I've got a directory server and DSGW running.
> >>>
> >>> Mail server, openvpn server and samba share use ldap authentication
> >>> against this directory server. Users change their passwords in DSGW.
> >>>
> >>> The mailserver and openvpn use SSHA hash in "userpassword" field, but
> >>> samba uses NT hash and LM hash in "sambantpassword" and
> >>> "sambalmpassword" fields accordingly.
> >>>
> >>> How can I make "userpassword" , "sambantpassword" and
> >>> "sambalmpassword" fields change synchronously when users change their
> >>> passwords in DSGW?
> >>>
> >>> As I can understand, there is no already written 389-DS-plugin for
> >>> synchronizing these fields.
> >>> Moreover, it seems to me that such issues as mine are often solved on
> >>> the ldap clients:
> >>> http://web.archiveorange.com/archive/v/I3m7YImbRJ3Dj9WoXlCz
> >>> Am I right?
> >>>
> >>> So should I change domodify.c
> >>> <http://git.fedorahosted.org/git?p=389/dsgw.git;a=blob;f=domodify.c;h=5a3719276e3283e80415a884998e5281e066a8c1;hb=refs/tags/389-dsgw-1.1.7>
> >>> which is responsible for password change in DSGW? Does it seem to be
> >>> useful for Community?
> >>>
> >>> Looking forward to your prompt repy.
> >> Patches welcome.
> >>
> >> Or you could use IPA instead - IPA provides a plugin that keeps all of
> >> your passwords in sync - userPassword, and Samba and Kerberos passwords.
> >>>
> >>> Best regards,
> >>> Alex Popov.
> >>
> >> --
> >> 389 users mailing list
> >> 389-users at lists.fedoraproject.org <mailto:389-users at lists.fedoraproject.org>
> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
> >
> >
> >
> > --
> > 389 users mailing list
> > 389-users at lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110707/a4953906/attachment.html>
More information about the 389-users
mailing list