[Freeipa-devel] AD PassSync and IPA
Rich Megginson
rmeggins at redhat.com
Wed May 28 18:59:01 UTC 2008
Loris Santamaria wrote:
> Hi,
>
> we're using some FreeIPA components on a large installations that is
> migrating from AD to FDS or OpenLDAP
>
> We've succesfully installed on the FDS side the ipa-pwd-extop plugin for
> synchronizing password changes for kerberos, samba and posix password.
> Also we've successfully installed PassSync in Active Directory.
>
> When I change a password on the FDS side using kerberos, samba or
> pam_ldap, the tre hashes are updated successfully on FDS and the change
> is replicated to AD. But when I change a password on Active Directory
> _only_ the Posix password is updated on FDS, it seems because PassSync
> doesn't use the password change extop.
>
> Can this be solved modifying PassSync? I think it shouldn't be too
> difficult to modify PassSync... do anyone has some pointers on what we
> should change and how to build PassSync on windows?
>
First, please file a bug about this issue - bugzilla.redhat.com - use
the Sync Service component of product Fedora Directory Server - so we
can track this issue.
This page http://directory.fedoraproject.org/wiki/Howto:WindowsSync has
general information about PassSync, but no building information.
The source code is here -
http://cvs.fedoraproject.org/viewcvs/winsync/passwordsync/?root=dirsec
If you want to build the code, you will first have to get NSPR, NSS, and
Mozldap from mozilla:
Windows binaries - ftp://ftp.mozilla.org/pub/nspr/releases/v4.6.4/msvc6.0
ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_3_11_4_RTM/msvc6.0
ftp://ftp.mozilla.org/pub/directory/c-sdk/releases/v6.0.4/ldapcsdk-6.0.3-WINNT5.2_DBG.OBJ.zip
There is a build.bat file for cmdline use, and a .dsw file.
The source code for ldappasswd.c from Mozldap is an example of the
password modify extop.
> Thanks
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080528/d45a7bcc/attachment.bin>
More information about the Freeipa-devel
mailing list