Thierry Lanfranchi wrote: > I'm in the process of installing a new LDAP directory using FDS, and > am willing to synchronize the password modifications between AD > domains and the corresponding users in the LDAP directory. These users > are not synchronized, but the ntUserDomain attribute is set to the > corresponding AD account. Yes, this should work in the AD->FDS direction. I don't believe that it's a 'supported' configuration, but I think it should work ok. > After reading the RH admin guide, I still have a few questions, which > are : > 1_ Can the Password Sync feature be implemented without having to > implement synchronization of the accounts between AD and FDS ? In the AD->FDS direction, yes I think so. > 2_ When you have multiple AD servers per domain, and multiple AD > domains, how many copies of the PassSync service do you need to > install ? Can the service be installed on only one server per domain, > or do I need to install it on every server ? (I'm no AD guru, so I'm > not sure how and when the password is definitly encoded on AD). You only need to install passsync in one place.
