Ivan - Thanks for the info! On Mon, Mar 10, 2008 at 3:15 PM, Ivan Ferreira <iferreir at personal.com.py> wrote: > Please see also: > > Twenty Questions to Ask Yourself During a Red Hat Directory Server > Deployment by Satish Chetty > > www.redhat.com/f/pdf/whitepapers/RHDS_TwentyQuestions.pdf > > > > > > > Para > fedora-directory-users at redhat.co > m > "slat3dx slat3dx" cc > <slat3dx at gmail.com> > Enviado por: Asunto > fedora-directory-users-b Help > ounces at redhat.com with NIS->FDS & AD migration > Clasificaci?n > 10/03/2008 05:13 p.m. Uso Interno > > > > Por favor, responda a > "General discussion list > for the Fedora Directory > server project." > <fedora-directory-users@ > redhat.com> > > > > > > > Hello FDS users - > > I am learning as I go here so please excuse my ignorance. I have scoured > over the Fedora and Redhat docs for Directory Server and read many threads > from this list archive concerning Active Directory sync. I'm having > trouble putting all the pieces together and would greatly appreciate some > guidance from people that have already gone through this process :) > > I am in the process of migrating from NIS to LDAP. In our environment we > run both Windows and Linux systems. For quite awhile we have been > maintaining both NIS and Active Directory. Our goal is to move away from > NIS and achieve single sign on for our users. I have installed and > configured FDS, converted and imported our NIS maps as ldif. This worked > beautifully. > > Can I create a sync agreement that only sends passwords from AD->FDS, > nothing else and no updates from FDS->AD? > I would like to configure our Linux clients to authenticate to AD with > kerberos and use FDS as the LDAP server. I understand we need to install > the password sync utility on one of our DC's and that when a user changes > their password in AD the utility will capture it in plaintext and send to > FDS. I also see that FDS and the pass sync have to be configured to share > certificates for the SSL connection between them. > > Can the sync utility be restricted to one OU within AD? What access > within > AD is required for the utility to run? Domain Admin rights or can > specific > rights be delegated? > > I would really appreciate some steps for: configuring SSL on the AD and > FDS > side. Creating and testing the sync agreement. > > Thank you so much for the help!! > > Slat3dx > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > ======================================================================================== > AVISO LEGAL: Esta informaci?n es privada y confidencial y est? dirigida > ?nicamente a su destinatario. Si usted no es el destinatario original de > este mensaje y por este medio pudo acceder a dicha informaci?n por favor > elimine el mensaje. La distribuci?n o copia de este mensaje est? > estrictamente prohibida. Esta comunicaci?n es s?lo para prop?sitos de > informaci?n y no debe ser considerada como propuesta, aceptaci?n ni como > una declaraci?n de voluntad oficial de NUCLEO S.A. La transmisi?n de > e-mails no garantiza que el correo electr?nico sea seguro o libre de > error. > Por consiguiente, no manifestamos que esta informaci?n sea completa o > precisa. Toda informaci?n est? sujeta a alterarse sin previo aviso. > > This information is private and confidential and intended for the > recipient only. If you are not the intended recipient of this message you > are hereby notified that any review, dissemination, distribution or > copying of this message is strictly prohibited. This communication is for > information purposes only and shall not be regarded neither as a proposal, > acceptance nor as a statement of will or official statement from NUCLEO > S.A. . Email transmission cannot be guaranteed to be secure or error-free. > Therefore, we do not represent that this information is complete or > accurate and it should not be relied upon as such. All information is > subject to change without notice. > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20080310/dbdc22f7/attachment.html
