Re: [389-users] Sync UNIX Attributes from AD to 389ds

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Only a subset of attributes is sync between AD and 389 ds.

http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Using_Windows_Sync-Synchronizing_Users.html#sync-users-attr

However by performing ldapsearch request over the AD and ldapmodify on the corresponding entry in 389 ds , you can create a script which merge semi-automatically some other attributes.

 

For password sync, like said by solarflow, the Microsoft hash algorithm can t be used on other system. This is the reason why password sync service only deals with password in plain text format by adding a hook on the password change event.

 

 

De : 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] De la part de solarflow99
Envoyé : mardi 15 novembre 2011 09:45
À : General discussion list for the 389 Directory server project.
Objet : Re: [389-users] Sync UNIX Attributes from AD to 389ds

 

I meant to say:

 

can't use the windows password hash

 

 

 

On Tue, Nov 15, 2011 at 12:43 AM, solarflow99 <solarflow99@xxxxxxxxx> wrote:

I had a similar setup as yours, for #1 I think I did have to use 389 console to enable posix attributes so the user could login to linux, i'm not sure how to make this automatic.  For #2 this is because windows passwords are encrypted differently, and linux can use the windows password hash.


hope this helps..

 

 

2011/11/15 Walter Neu <w.neu@xxxxxxxxxxx>

Hi all,

I have installed a 389ds which sync entries from an Active Directory running on Windows 2008 R2 Enterprise Server. Everything works fine even Password Sync. But I have still 2 problems I don't get solved:

1.    It's not possible to sync the UNIX attributes from AD to 389ds. Any hints?
2.    Passwords are not synced during an initial full re-syncronization. Only password changes on an AD are synced. So I have to reset a user's password and after that the password will be transmitted to the 389ds.

Best regards

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

 

 

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux