Prashanth Sundaram
2009-Jul-09 14:25 UTC
[389-users] Migration from OpenLDAP and PassSync with AD
Dear fellow Fedora DS users and experts,
I am working on this new project where there is a two-step process. We are
currently using a poorly managed OpenLDAP server for over 3 years and
planning to migrate to Fedora DS.
Scenario: OpenLDAP =====Migrate all users and passwords===> Fedora DS <----------PassSync-------> Windows AD
Question1: Is it possible to migrate current users (around 300 users) from
OpenLDAP to Fedora DS along with the UIDs, Security id and passwords. Like
everything looks the same in the users' perspective.
Question2: Is it possible to create a password sync between FDS and AD for
all the above users. Yes, the username is same in both the directories.
Question2.1: The users are stored with different Security
IDs in windows environment than in OpenLDAP or FDS. Will that pose a
problem?
Question2.2: We have several domain controllers and Active
Directory server which run in sync. Since the PassSync can only run on one
server, will it be a problem that some passwords do not get synced because the
user changed it on XP which redirected to another server (without
PassSync)?
If any of you has gone through these issues and anything more, please respond
to this thread or give me links.
Thanks for your help and patience.
Prashanth
Rich Megginson
2009-Jul-09 15:03 UTC
Re: [389-users] Migration from OpenLDAP and PassSync with AD
Prashanth Sundaram wrote:
> Dear fellow Fedora DS users and experts,
>
> I am working on this new project where there is a two-step process. We
> are currently using a poorly managed OpenLDAP server for over 3 years
> and planning to migrate to Fedora DS.
>
> Scenario: OpenLDAP =====Migrate all users and passwords===> Fedora DS <----------PassSync-------> Windows AD
>
> Question1: Is it possible to migrate current users (around 300 users)
> from OpenLDAP to Fedora DS along with the UIDs, Security id and
> passwords. Like everything looks the same in the users' perspective.
>
> Question2: Is it possible to create a password sync between FDS and AD
> for all the above users. Yes, the username is same in both the
> directories.
>
> Question2.1: The users are stored with different
> Security IDs in windows environment than in OpenLDAP or FDS. Will that
> pose a problem?
>
> Question2.2: We have several domain controllers and
> Active Directory server which run in sync. Since the PassSync can only
> run on one server, will it be a problem that some passwords do not get
> synced because the user changed it on XP which redirected to another
> server (without PassSync)?

You must install PassSync on all domain controllers. PassSync can run on more than one AD server. I guess we're not very clear about this in the documentation, because it seems to be a common misperception that PassSync can run on only one server.

> If any of you has gone through these issues and anything more, please
> respond to this thread or give me links.
>
> Thanks for your help and patience.
> Prashanth