Bliss, Aaron wrote:
The PassSync service is only responsible for sending password changes initiated on the AD side to FDS. Any password that is changed on the FDS side will be sent to AD over the synchronization agreement along with other user & group changes. The synchronization agreement will also pull changes that happened on the AD side over to FDS.I'm a little confused here; what is the purpose of the passsync service (I've successfully created a replication agreement over ssl via fds and ad). Thanks again.
The problem is that AD hashes the password differently than FDS does, so FDS needs access to the clear-text password. The only way for this to happen when a password change is initiated on the AD side is to have a password plug-in installed on the domain controller to get a copy of the clear-text password. This is exactly what the PassSync service does. It installs a plugin (passhook.dll) that receives the clear-text password which passsync.exe sends across to FDS over LDAPS.
Hopefully that clears things up. -NGK
Aaron
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
