[Fedora-directory-users] 'Account Disabled' Windows Sync Directory Server red cross
Rich Megginson
rmeggins at redhat.com
Wed Dec 3 17:56:30 UTC 2008
lambam80 at hotmail.com wrote:
> Rich, hello and thanks for the quick reply.
>
> You write:
>
> < Yes, this appears to be a bug in windows sync
>
> How might I get further information - is there a BUG number/report ?
> Should I try and log a BUG ? If so, where ?
https://bugzilla.redhat.com/show_bug.cgi?id=470224
>
> Sorry, I'm new to Fedora/Redhat/Linux (migrating off Sun Solaris, so
> to speak).
>
> Anyway, I have the following work-around:
> - use the password sync mechanism from Redhat - I've yet to test this
> - next on my list
> - Use a script to do the following:
> -- create Directory Server user account
> -- create Active Directory account using ldapmodify and LDAPS
> -- set the Active Directory unicodePwd:: using ldapmodify and LDAPS
> -- set the Active Directory userAccountControl: 512 using ldapmodify
> and LDAPS. '512', I believe, 'enables' the account.
Yes. See also http://support.microsoft.com/kb/305144
But if you are using WinSync, you can configure it to automatically
create accounts in AD when added to DS, and vice versa. So you might
just use
DirSync or sequence number to look for new AD accounts that are
disabled, and enable them. See
http://msdn.microsoft.com/en-us/library/ms677626(VS.85).aspx and
http://support.microsoft.com/kb/891995
>
> Thanks again for your help,
>
> Dave (former employee of iPlanet :-)
My condolences :-)
> ------------
>
> > Date: Tue, 2 Dec 2008 08:51:08 -0700
> > From: rmeggins at redhat.com
> > To: fedora-directory-users at redhat.com
> > CC: lambam80 at hotmail.com
> > Subject: Re: [Fedora-directory-users] 'Account Disabled' Windows
> Sync Directory Server red cross
> >
> > lambam80 at hotmail.com wrote:
> > > Firstly, please accept my apologies for a white lie.
> > > I'm, in fact, using CentOS but a colleague of mine recommended that I
> > > use this forum/mailing-list.
> > >
> > > Let me know if this white-lie is a problem.
> > >
> > > cat /etc/redhat-release
> > > CentOS release 5.2 (Final)
> > >
> > > /usr/sbin/ns-slapd -v
> > > CentOS-Directory/8.0.4 B2008.288.1513
> > >
> > > Windows 2003 Server Standard Edition R2
> > >
> > > I've 'successfully' configured Windows Sync and it
> > > works in both directions.
> > >
> > > However, accounts that are synched from Centos Directory Server to
> > > Active Directory are
> > > created with the 'Account Disabled' checkbox selected.
> > >
> > > In the Windows account administration interface
> > > they also have the red cross next to them.
> > >
> > > Q1. Have other people seen this behavior with Windows Sync ?
> > Yes, this appears to be a bug in windows sync
> > >
> > > Q2. How can I change this behavior and have the
> > > windows-accounts enabled from the start ?
> > Not sure.
> > >
> > > Thanks for your time, cheers lambam80
> > > Active-Directory Active-Dir Active Dir Active Directory
> > > Edit/Delete Message
> > > <http://forums.fedoraforum.org/editpost.php?do=editpost&p=1122288>
> > >
> > >
> ------------------------------------------------------------------------
> > >
> > >
> ------------------------------------------------------------------------
> > >
> > >
> ------------------------------------------------------------------------
> > >
> > > --
> > > Fedora-directory-users mailing list
> > > Fedora-directory-users at redhat.com
> > > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > >
> >
>
>
> ------------------------------------------------------------------------
> Win a trip with your 3 best buddies. Enter today.
> <http://www.messengerbuddies.ca/?ocid=BUDDYOMATICENCA19>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20081203/740373b4/attachment.bin>
More information about the Fedora-directory-users
mailing list