Thanks Rich for the answer.

A few more questions:

Does the existing password get synced during the initial full re-synchronization, or does it only sync changes?

Do container entries get synced as well? Say, if a new OU was created on AD, will that be synced on 389?

Thanks,
Mi

On Mon, 2011-06-27 at 14:50 -0500, Rich Megginson wrote:
> On 06/27/2011 01:38 PM, Mi Zhou wrote:
> > Hi,
> >
> > I am exploring the possibilities of us setting up a 389 server and have
> > it synchronize with our AD.
> >
> > I read that both 389 and AD have to be running SSL. We have multiple
> > domain controllers that trust each other, some running SSL, some not. I
> > wonder if every one of them has to be running SSL to make sync work.
> For passwords, yes. AD will not accept a password change unless the
> connection is TLS/SSL encrypted.
> > Also does "passsync" have to be installed on every domain controller?
> Yes.
> > Thanks a lot,
> >
> > Mi

--
Mi Zhou
System Integration Engineer
Information Sciences
St. Jude Children's Research Hospital
262 Danny Thomas Pl. MS 312
Memphis, TN 38105
901.595.5771

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users