Thierry Lanfranchi
2005-Oct-04 07:50 UTC
[Fedora-directory-users] About the password sync feature
Hello there,

I'm in the process of installing a new LDAP directory using FDS, and am willing to synchronize the password modifications between AD domains and the corresponding users in the LDAP directory. These users are not synchronized, but the ntUserDomain attribute is set to the corresponding AD account.

After reading the RH admin guide, I still have a few questions, which are:

1_ Can the Password Sync feature be implemented without having to implement synchronization of the accounts between AD and FDS?

2_ When you have multiple AD servers per domain, and multiple AD domains, how many copies of the PassSync service do you need to install? Can the service be installed on only one server per domain, or do I need to install it on every server? (I'm no AD guru, so I'm not sure how and when the password is definitely encoded on AD).

Thanks in advance for your answers,

Regards,
Thierry
David Boreham
2005-Oct-05 03:44 UTC
Re: [Fedora-directory-users] About the password sync feature
Thierry Lanfranchi wrote:

> I'm in the process of installing a new LDAP directory using FDS, and
> am willing to synchronize the password modifications between AD
> domains and the corresponding users in the LDAP directory. These users
> are not synchronized, but the ntUserDomain attribute is set to the
> corresponding AD account.

Yes, this should work in the AD->FDS direction. I don't believe that it's a 'supported' configuration, but I think it should work ok.

> After reading the RH admin guide, I still have a few questions, which
> are:
> 1_ Can the Password Sync feature be implemented without having to
> implement synchronization of the accounts between AD and FDS?

In the AD->FDS direction, yes I think so.

> 2_ When you have multiple AD servers per domain, and multiple AD
> domains, how many copies of the PassSync service do you need to
> install? Can the service be installed on only one server per domain,
> or do I need to install it on every server? (I'm no AD guru, so I'm
> not sure how and when the password is definitely encoded on AD).

You only need to install passsync in one place.