I'm seeking a little guidance in regard to the Windows Sync configuration. I
have the Windows Sync service speaking to the Fedora Directory Server (SSL
enabled), but passwords are not updated on the FDS side.
Environment is Windows 2000 server, Fedora Core 3 w/ FDS 1.0 w/ the latest
PassSync.msi
I have configured WinSync to use cn=replication manager,cn=config as the
bind user. This user exists in FDS.
I enabled logging for the password sync service, and found the following
entry in the passsync.log log:
12/09/05 11:17:06: Attempting to sync password for username
12/09/05 11:17:06: Searching for (ntuserdomainid=username)
12/09/05 11:17:06: Ldap error in ModifyPassword
50: Insufficient access
12/09/05 11:17:06: Modify password failed for remote entry:
uid=username,ou=People, dc=domain, dc=com
12/09/05 11:17:06: Deferring password change for username
12/09/05 11:17:06: Backing off for 32000ms
So, there it is.. the third line of log entry "Insufficient access".
I assume that its an ACI problem with the cn=replication manager,cn=config
user. I attempted to create an ACI to resolve the issue, but no luck.
(targetattr = "*") (target = "ldap:///uid=*,ou=People,dc=domain,dc=com";)
(version 3.0;acl "WinSync";allow (all,proxy)(userdn = "ldap:///cn=replication
manager,cn=config") <ldap:///cn=replicationmanager,cn=config";)>;)
Some help would be greatly appreciated.
Thanks,
Bryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20051209/b22670e6/attachment.html
