Michael Fern?ndez M wrote: > On Mon, 2008-09-29 at 13:52 -0400, Michael Fern?ndez M wrote: > >> On Thu, 2008-09-25 at 14:13 -0600, Rich Megginson wrote: >> >>> Michael Fern?ndez M wrote: >>> >>>> Hi... >>>> >>>> I have working this in one way... i mean... >>>> >>>> If i change a password for an account on ADS this is change on FDS... >>>> (good) >>>> >>>> But it is possible to do it in the other way?, i mean change the >>>> password on FDS and then this is change on ADS? >>>> >>>> Where I have to set the FDS to connect with the ADS in order to change >>>> the passwords? >>>> >>>> >>> It should just work. What problems do you see? Any messages in the >>> error log? >>> One thing is that AD requires password changes to be sent over a secure >>> channel, which means you'll need to use TLS/SSL. >>> >> Hi.. (thanks for reply...) >> >> when i run a : >> >> /usr/lib/mozldap/ldapsearch -Z -p 636 >> -P /etc/dirsrv/slapd-justo/cert8.db -h ads_ip -D >> "cn=administrator,cn=users,dc=ads,dc=cl" -w lol -s base -b >> "ou=users,dc=ads,dc=cl" "objectclass=*" it connect to the ADS by ssl >> (636) >> >> but when i change a pass from FDS, FDS do not change anything on ADS, >> tshark does not show packets.... >> >> that's why i ask where i have to configure FDS to connect with the ADS >> service.... >> >> However in the other way ADS to FDS works without problems.... >> >> > > I think i solved this.... > > I set replica on FDS, but when i change a password (on FDS) for a user > that exist on FDS and ADS on the logs i see: > > NSMMReplicationPlugin - agmt="cn=windows" (procurador:636): > windows_replay_update: failed map dn for modify operation > dn="uid=lolo,ou=people,dc=ads,dc=cl" > > Any ideas? > Not sure. If you have a user that exists in both FDS and ADS, did they already exist that way before you did the initial sync? If so, the existing user in FDS must have the ntUser objectclass, and must have the attribute ntUserDomainID set to the Windows userid (e.g. the samAccountName). Then try changing something like the description for the user in FDS or ADS to see if it gets synced across. Note that you may have to wait up to 5 minutes for changes to go from ADS to FDS (FDS to ADS changes should happen almost immediately). See *http://tinyurl.com/4n3yzo for more information * > Regards!!! > > Michael.- > > > > >> Thanks!!! >> >> Michael.- >> >> >> >> >> >> >>>> Thanks in advance!!! >>>> >>>> Michael.- >>>> >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users at redhat.com >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20080929/25e4b025/attachment.bin
