Richard Megginson wrote:
> I think that you are getting hung up on a display issue. The supplier
> is just listed as a string to identify the instance. The
> synchronization is always[*] initiated from the FDS side, so as long
> as you are trying to connect to AD via SSL, everything will be encrypted.
>>>
>>> [*] The one exception to this is the PassSync service installed on
>>> the Windows side. You need to configure this to connect to FDS over
>>> the SSL port.
>>>
>>> -NGK
>>>
>>
>> OK, but when I set it up this way and I check the replication logs, I
>> see the supplier's port, and it's listed as 389. When configuring
>> PassSync, I do put it in secure mode with the secure port. So it
>> doesn't matter, since the PassSync config is set to SSL, and the FDS
>> to AD has to be SSL, then that 389 is just an identifier?
> Yes.

OK. Forgetting the Admin server SSL stuff, which I don't really need, it is working again. Thank you all.

You cannot use pre-hashed passwords when trying to do synchronization. I was trying to go from OpenLDAP to FDS with my SSHA hashed passwords, and that did not work. You can do it, but you will have to reset the password on the AD side. You cannot carry the passwords with you to AD.