[Fedora-directory-users] About the password sync feature
David Boreham
david_list at boreham.org
Wed Oct 5 03:44:19 UTC 2005
Thierry Lanfranchi wrote:
> I'm in the process of installing a new LDAP directory using FDS, and
> am willing to synchronize the password modifications between AD
> domains and the corresponding users in the LDAP directory. These users
> are not synchronized, but the ntUserDomain attribute is set to the
> corresponding AD account.
Yes, this should work in the AD->FDS direction.
I don't believe that it's a 'supported' configuration, but I think it
should work ok.
> After reading the RH admin guide, I still have a few questions, which
> are :
> 1_ Can the Password Sync feature be implemented without having to
> implement synchronization of the accounts between AD and FDS ?
In the AD->FDS direction, yes I think so.
> 2_ When you have multiple AD servers per domain, and multiple AD
> domains, how many copies of the PassSync service do you need to
> install ? Can the service be installed on only one server per domain,
> or do I need to install it on every server ? (I'm no AD guru, so I'm
> not sure how and when the password is definitly encoded on AD).
You only need to install passsync in one place.
More information about the Fedora-directory-users
mailing list