Christopher Barry wrote:
> -----Original Message-----
> From: fedora-directory-users-bounces@xxxxxxxxxx [mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of Rich Megginson
> Sent: Friday, December 12, 2008 1:11 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: AD Password Sync Question
>
> Christopher Barry wrote:
>> Greetings,
>>
>> After reading chapter 19 of the RH docs about AD integration, I have a question regarding the 'lifetime' and locality of the plaintext password, and how this actually gets captured and sync'd.
>>
>> In a multi-site AD Enterprise, with a lot of DCs, would the password sync service need to run on every DC,
> Yes.
>> with a partnership to the one master master Directory Server?
> Yes, that's the best way. You can point passsync at any master anywhere, as long as you are prepared to deal with latency issues (e.g. if you add a user then immediately change the password, you may have to wait for that new user to show up on your local replica first).
>> I'm wondering how if a user in Texas changes their password, it gets placed into the Directory Server Master in Pennsylvania.
> The DS MMR protocol will update the password on all other DS servers.
>> Thanks,
>> -C
>
> Thanks Rich for your quick response. I think you're saying that unlike user/group sync, where you need a single MMDS to be the master interface to AD for all MMDSes, the passsync service can point to any replicated MMDS.

Yes.

> Since most user adds are needed locally first, would it be better to do the local DC -> local MMDS passsync first as a rule?

Yes.

> Also, and this is no doubt in the docs too somewhere, but while I've got your ear, is there a limit on the number of MMDSes? e.g. can I have a MMDS at every site paired with a DC?

There is no limit per se - but we have only done extensive testing with 4 masters. The protocol will support many thousands of masters.

> Thanks a lot,
> -C
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-directory-users