Hell Elliot, Am Dienstag, 29. November 2005 21:27 schrieb Elliot Schlegelmilch: > I'm a bit confused now. Which password, or which actual? You can > ldapsearch using the uid=admin,ou=system account and correct password. "correct password" thats exactly my problem. I think when setting up the system I did something wrong, because the answer is "Invalid Credentials (49)" which means wrong password. Therefore I can not connect, not search, and not modify anything.... so what to do? Uninstall and start from scratch? > > ldapsearch works, but (as you can see below) my bind password is wrong > > (or I can't remember.... :) ) > > I would suggest opening up your c:\program files\fedora directory > synchronization\conf\usersync.conf in your favorite editor, and see what > password is in it. Try binding as that user. While looking inside that > file look for the 'server.db.partition.suffix.usersync field. > While trying to install I changed this password and now it doesn't fit - or maybe I am too stupid because I can not remember. > Then, with this password and base, try another search. > > ldapsearch -v -h 192.168.1.218 -D "uid=admin,ou=system" -w pw -b > "dc=home,dc=org" "(objectclass=*) > > I'm just guessing the base, but I assume it's something very similar. > > You should see something similar to this: > # Guest, users, example.com > dn: sAMAccountName=Guest,cn=users,dc=example,dc=com > memberOf: sAMAccountName=Domain Guests,cn=users,dc=example,dc=com > lastLogon: 0 > objectGUID: 0105000000000005150000003D725165EB1AB15BC9504D49F5010000 > countryCode: 0 > Ok, so now I know what should com out - good. > Once you can access your PDC from LDAP, there's a lot better chance that > your Fedora Directory Server will be able to for replication. > Exactly thats why I switched to the ldapsearch, because it tells me much more at the output as the logfile from Replication Log. > > Btw... It would be nice to find a schema (written or drawn) which tells > > me (or everyone) how winsync and passwordsync works. The Pictures in the > > manuals tell me the way which way the servers exchange informations, but > > within the PDC (or AD) I don't know anything - it is a black box. > > And .... I didn't find the sources to check by myself - is it closed > > source? > > It's not closed source. > http://directory.fedora.redhat.com/wiki/Building#Pulling_the_Directory_Serv >er_Source The Directory Server yes. But I don't see (maybe I'm blind) the sources for the ApacheDS at the PDC (Java based) and the sources for winsync software, which comes as a .msi (Microsoft Installer) File. So is this opensource? And where to find it? And I think the manual is a little bit too small for the NT Winsync. With AD it is OK, because you use the LDAP Funktion of the AD and synchronise like a replica - more or less. But what exactly happens at the NT PDC??? I learned from this forum that winsync installs an ApacheDS as LDAP Server to connect with. OK what next. How does the ApacheDS connect to the PDC. Which user is used for the login - if any? Does it work like this: FDS --> ApacheDS (uid=admin,ou=system) --> NT PDC (user=?) or FDS --> ApacheDS (uid=admin,ou=system) --> NT PDC (user=admin) And you need the replication manager (with the acl's to add, modify and delete a user) at the FDS side for the synchronization? So this works like this (push) NT PDC (user=?) --> ApacheDS (uid=admin,ou=system) --> FDS (uid=replmanager,out=users) And how does he know which user at hte FDS to use Or like this (Pull) FDS --> ApacheDS (uid=admin,ou=system) --> NT PDC (user=?) And how does it work, when I use the Password sync? Is there a layer inbetween windows admintool and PDC that reads the input and sends it to the FDS before handing it to the PDC Directory - but for this it needs an account with administrative rights, which one? You see there are many questions with this challenging tool. See U Hartmut -- =========================================== Hartmut Woehrle EMail: hartmut.woehrle at mail.pcom.de
