Hi,

I'd like to migrate from ODSEE and PSW to 389 Directory Server with Windows Sync.

From my understanding after reading the Red Hat 10/9 Directory Server documentation, existing users' passwords from AD will not be synced to LDAP. This of course is normal, since passwords are already hashed in AD.

However, in SUN/Oracle ODSEE+PSW they were doing this: a special attribute was added to new synced users in LDAP. On user bind to the LDAP server, the password was caught (by the LDAP server plugin) and a second bind was tested from the LDAP server itself to the AD server. If the 2nd bind was successful, the userPassword was updated on the LDAP server, the attribute was removed, and the 1st bind was OK.

Since I have a large AD forest (30K users), I don't want to do a password reset on these old users. What is the common practice with 389 server for such a scenario?

Sun also had another nice feature: uni-directional sync Windows->LDAP for user create/delete, but bi-directional attribute/password change. I guess this is also not supported in 389, correct?

Thanks in advance,
Giannis
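The on-demand password capture flow described in the message above, modelled in memory as an added example; it is not part of the original post and is not ODSEE, PSW or 389 Directory Server code. The marker attribute name `pwdSyncPending`, the `Directory` class, the `fake_ad_bind` stand-in for the second bind to AD, and the choice of PBKDF2 for local storage are all assumptions made for illustration.

```python
import hashlib, hmac, os

FLAG = "pwdSyncPending"  # hypothetical marker attribute name (assumption)

def hash_password(password, salt=None, iterations=100_000):
    # Salted PBKDF2-SHA256 record; the storage scheme is an assumption.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify_password(record, password):
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["digest"])

class Directory:
    """In-memory stand-in for the LDAP server plus its bind plugin."""
    def __init__(self, ad_bind):
        self.entries = {}
        self.ad_bind = ad_bind  # callable(dn, password) -> bool: the second bind to AD

    def add_synced_user(self, dn):
        # A user created by sync has only the marker, no local password yet.
        self.entries[dn] = {FLAG: True, "userPassword": None}

    def bind(self, dn, password):
        entry = self.entries.get(dn)
        if entry is None or not password:
            return False  # never forward an empty password as a bind attempt
        if entry.get(FLAG):
            if not self.ad_bind(dn, password):
                return False  # AD rejected it: keep the marker, store nothing
            entry["userPassword"] = hash_password(password)
            del entry[FLAG]   # later binds are verified locally
            return True
        stored = entry["userPassword"]
        return stored is not None and verify_password(stored, password)

# Constructed sample data standing in for the AD side.
AD_PASSWORDS = {"uid=alice,ou=people,dc=example,dc=com": "S3cret-constructed"}

def fake_ad_bind(dn, password):
    expected = AD_PASSWORDS.get(dn)
    return expected is not None and hmac.compare_digest(expected.encode(), password.encode())
```

A failed second bind leaves the marker in place and writes nothing, so a wrong guess never becomes the stored password, and an empty password is rejected before it can reach AD.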