Anne Cross wrote: > I'm trying to sync passwords from 389 to Active Directory. > > If we import users from AD, then try to change their passwords, the > replication locks up. Can you be more specific? Have you tried the replication log level (which also logs winsync data) - http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting > If we create the users on 389, and sync them back to AD, the password > field passed back is blank in Windows. When you create the users on 389, are you using the clear text password in the userPassword field? > > Passsync isn't going to work because we're running 64bit Windows, so > we can't sync the passwords *from* AD. I got this working earlier, > but that was with FDS in a test instance several months ago, and I > didn't write down what I did. (And I am kicking myself over that.) > We can live without people changing their passwords on AD as long as > we *can* sync passwords down from 389. We are working on 64-bit Windows support. > > The replication manager account on AD has full Directory Admin privs, > so it *does* have the ability to update passwords. Try it with cn=administrator,cn=users,dc=yourdomain,dc=com to rule out any permissions issues. > > What am I missing? Our logs are showing us a lot of things that are > not helpful; I will be happy to attach further logs if people can tell > me what to look for, but we've been trying this for two days now, and > we're not any closer than we were when we started. > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20091022/e05df891/attachment.bin
