On Mon, 2008-09-29 at 14:01 -0600, Rich Megginson wrote:
> Michael Fernández M wrote:
> > On Mon, 2008-09-29 at 13:52 -0400, Michael Fernández M wrote:
> >
> >> On Thu, 2008-09-25 at 14:13 -0600, Rich Megginson wrote:
> >>
> >>> Michael Fernández M wrote:
> >>>
> >>>> Hi...
> >>>>
> >>>> I have working this in one way... I mean...
> >>>>
> >>>> If I change a password for an account on ADS this is changed on FDS...
> >>>> (good)
> >>>>
> >>>> But is it possible to do it the other way? I mean, change the
> >>>> password on FDS and then this is changed on ADS?
> >>>>
> >>>> Where do I have to set the FDS to connect with the ADS in order to change
> >>>> the passwords?
> >>>>
> >>> It should just work. What problems do you see? Any messages in the
> >>> error log?
> >>> One thing is that AD requires password changes to be sent over a secure
> >>> channel, which means you'll need to use TLS/SSL.
> >>>
> >> Hi.. (thanks for the reply...)
> >>
> >> When I run a:
> >>
> >> /usr/lib/mozldap/ldapsearch -Z -p 636
> >> -P /etc/dirsrv/slapd-justo/cert8.db -h ads_ip -D
> >> "cn=administrator,cn=users,dc=ads,dc=cl" -w lol -s base -b
> >> "ou=users,dc=ads,dc=cl" "objectclass=*" it connects to the ADS by SSL
> >> (636)
> >>
> >> but when I change a pass from FDS, FDS does not change anything on ADS,
> >> tshark does not show packets....
> >>
> >> That's why I ask where I have to configure FDS to connect with the ADS
> >> service....
> >>
> >> However, the other way, ADS to FDS, works without problems....
> >>
> >
> > I think I solved this....
> >
> > I set the replica on FDS, but when I change a password (on FDS) for a user
> > that exists on FDS and ADS, in the logs I see:
> >
> > NSMMReplicationPlugin - agmt="cn=windows" (procurador:636):
> > windows_replay_update: failed map dn for modify operation
> > dn="uid=lolo,ou=people,dc=ads,dc=cl"
> >
> > Any ideas?
> >
> Not sure. If you have a user that exists in both FDS and ADS, did they
> already exist that way before you did the initial sync? If so, the
> existing user in FDS must have the ntUser objectclass, and must have the
> attribute ntUserDomainID set to the Windows userid (e.g. the
> samAccountName). Then try changing something like the description for
> the user in FDS or ADS to see if it gets synced across. Note that you
> may have to wait up to 5 minutes for changes to go from ADS to FDS (FDS
> to ADS changes should happen almost immediately).
>

Yes, I created the users separately. And the user created on FDS has
the ntUserDomainID and ntUser objectclass. When I modify an attr on ADS
this is replicated to FDS, but not the other way....

> See http://tinyurl.com/4n3yzo for more information
>

Thanks!

> > Regards!!!
> >
> > Michael.-
> >
> >> Thanks!!!
> >>
> >> Michael.-
> >>
> >>>> Thanks in advance!!!
> >>>>
> >>>> Michael.-
> >>>>
> >>>> --
> >>>> Fedora-directory-users mailing list
> >>>> Fedora-directory-users at redhat.com
> >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
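
The prerequisite check Rich describes, as an added example that is not part of the original thread or the Fedora Directory Server code: it pulls the DNs from `failed map dn` log lines and checks each FDS entry for the `ntUser` objectclass and an `ntUserDomainID` matching a Windows `samAccountName`. The LDIF entries, the `pepe` user and the account list are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample data; the log format is the line quoted in the thread.
ERROR_LOG = (
    'NSMMReplicationPlugin - agmt="cn=windows" (procurador:636): '
    'windows_replay_update: failed map dn for modify operation '
    'dn="uid=lolo,ou=people,dc=ads,dc=cl"\n'
    'NSMMReplicationPlugin - agmt="cn=windows" (procurador:636): '
    'windows_replay_update: failed map dn for modify operation '
    'dn="uid=pepe,ou=people,dc=ads,dc=cl"\n')
FDS_LDIF = """dn: uid=lolo,ou=people,dc=ads,dc=cl
objectClass: inetOrgPerson
objectClass: ntUser
ntUserDomainId: lolo

dn: uid=pepe,ou=people,dc=ads,dc=cl
objectClass: inetOrgPerson
"""
AD_SAMACCOUNTNAMES = {"lolo", "pepe"}  # constructed list of Windows userids

FAILED_DN = re.compile(r'failed map dn for modify operation\s+dn="([^"]+)"')

def failed_dns(log_text):
    """DNs the sync agreement could not map, lower-cased for lookup."""
    return [m.group(1).lower() for m in FAILED_DN.finditer(log_text)]

def parse_ldif(text):
    """Minimal LDIF reader (no base64 values, no folded lines)."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries[attrs["dn"][0].lower()] = attrs
    return entries

def sync_problems(entry, ad_names):
    """Return the unmet prerequisites for one FDS entry."""
    if entry is None:
        return ["entry not found in FDS export"]
    problems = []
    if "ntuser" not in [v.lower() for v in entry.get("objectclass", [])]:
        problems.append("missing objectClass ntUser")
    ids = entry.get("ntuserdomainid", [])
    if not ids:
        problems.append("ntUserDomainID not set")
    elif ids[0].lower() not in {n.lower() for n in ad_names}:
        problems.append("ntUserDomainID does not match any AD samAccountName")
    return problems

def report(log_text, ldif_text, ad_names):
    entries = parse_ldif(ldif_text)
    return {dn: sync_problems(entries.get(dn), ad_names)
            for dn in failed_dns(log_text)}
```

An empty list for a DN, as for `uid=lolo` here, means the entry meets both prerequisites and the mapping failure has another cause.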