[Fedora-directory-users] Sync passwords from FDS to AD

[Ville Silventoinen]

Hi,

our FDS contains a NIS-like structure of user accounts, Unix groups, 
netgroups, mail aliases and sudoers entries. We manage everything in 
Unix/Linux, using command-line tools and web pages that update the FDS and 
NIS database files (generated from the LDAP server). We are not ready to 
abandon NIS yet, hence this integration between LDAP and NIS.

We also use Active Directory, which has identical users and their 
passwords in the AD format (I don't know what it is yet). Our problem is 
that the users need to update the passwords twice, first in Linux/Unix and 
then in Windows. This is a slight hassle for the users that we'd like to 
remove. Also when a new account is created, it is first created in 
Unix/Linux and then in Windows.

I read about the WindowsSync and PassSync, but I'm bit hesitant to add all 
the "nt*" attributes to our schema, because all we want is to syncronize 
the user names and passwords from FDS to AD. The passwords are stored in 
{crypt} format in FDS. Any ideas how this could be done? Should I add 
another attribute for the AD password?

Thank you,
Ville