[389-users] Migration from OpenLDAP and Sync with AD

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 07/09/2009 07:19 AM, Prashanth Sundaram wrote:
> Dear fellow Fedora DS users and experts,
>
> I am working on this new project where there is a two step process. We are
> currently using a poorly managed OpenLDAP server for over 3 years and
> planning to migrate to Fedora DS.
>
> Scenario: OPenLDAP=====Migrate all users and passwords===>  Fedora DS
> <----------PassSync------->Windows AD
>
> Question1: Is it possible to migrate current users (around 300users) from
> OpenLDAP to Fedora DS along with the UIDs, Security id and passwords. Like
> everything looks same in users perspective.
>    
It depends on the schema that is used, but this should be a case of 
exporting from OpenLDAP and importing to 389.
> Question2: Is is possible to create a password sync between FDS and AD for
> all the above users. Yes, the username is same in both the directories.
>    
Yes, you can sync passwords.  A number of other common attributes are 
synchronized as well.  These attributes are listed in the Red Hat 
Directory Server Administrator's Guide.
>                   Question2.1: The users are stored with different Security
> IDs in windows environment than in OpenLDAP or FDS. Will that pose a
> problem?
>    
I'm not sure what LDAP attribute you are referring to as the "Security 
ID", so I can't say if this will be a problem.
>
>                   Question2.2: We have several domain controllers and Active
> Directory server which run in sync. Since the PassSync can only run on one
> server, will it be a problem that some passwords do not get sync because the
> user changed it on XP which redirected to a another server (without
> PassSync)?
>    
You need to run the PassSync service on all domain controllers.  It's 
the synchronization agreement that you set up on the 389 side that can 
only point to one domain controller.
> If any of you has gone thru these issues and anything more, please respond
> to this thread or give me links.
>
> Thanks for your help and patience.
> Prashanth
>
> --
> 389 users mailing list
> 389-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux