Fedora directory users - Sep 2006 - Getting ready to setup synchronization between AD and FDS

Hi everyone, we''ve been running fds now for about 8 months or so,
things
are going great, we have supplier/consumer replication agreement setup
between 2 fds servers; I would like to start looking at the password
synchronization piece between active directory and fds; we have a 2003
domain setup running in native mode; the domain and ldap root dn are the
same.  Are there any got yas that I need to be aware before setting up
the password synchronization service?  Will the password synchronization
piece allow for encrypted replication between fds and AD (currently the
fds servers are using a self signed cert for encryption).  Thanks very
much for your help.

Aaron

Confidentiality Notice:
The information contained in this electronic message is intended for the
exclusive use of the individual or entity named above and may contain privileged
or confidential information.  If the reader of this message is not the intended
recipient or the employee or agent responsible to deliver it to the intended
recipient, you are hereby notified that dissemination, distribution or copying
of this information is prohibited.  If you have received this communication in
error, please notify the sender immediately by telephone and destroy the copies
you received.

Hi Aaron,

Bliss, Aaron schrieb:
> Will the password synchronization 
> piece allow for encrypted replication between fds and AD (currently the 
> fds servers are using a self signed cert for encryption).  Thanks very 
> much for your help.
The password synchronization ONLY works with encryption, because windows 
won''t let you synchronize passwords over an unencrypted connection.
Installing the certificate on the AD server is a bit tricky. It has to 
be in a special format. The procedure for securing Active Directory is 
described in a Microsoft document. The Fedora part is described in the 
RedHat Directory Server Administrator''s Guide.

Best wishes,
Dirk Kastens