Old 09-25-2008, 08:13 PM
Rich Megginson
 
Sync AD and FDS.

Michael Fernández M wrote:
> Hi...
>
> I have working this in one way... i mean...
>
> If i change a password for an account on ADS this is change on FDS...
> (good)
>
> But it is possible to do it in the other way?, i mean change the
> password on FDS and then this is change on ADS?
>
> Where I have to set the FDS to connect with the ADS in order to change
> the passwords?

It should just work. What problems do you see? Any messages in the
error log?
One thing is that AD requires password changes to be sent over a secure
channel, which means you'll need to use TLS/SSL.

> Thanks in advance!!!
>
> Michael.-


--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users




 
Old 09-25-2008, 08:46 PM
Michael Fernández M
 
Sync AD and FDS.

Hi...

I have this working in one way... I mean...

If I change a password for an account on ADS, this is changed on FDS...
(good)

But is it possible to do it the other way? I mean, change the
password on FDS and then have this changed on ADS?

Where do I have to set the FDS to connect with the ADS in order to change
the passwords?


Thanks in advance!!!

Michael.-


 
Old 09-29-2008, 05:52 PM
Michael Fernández M
 
Sync AD and FDS.

On Thu, 2008-09-25 at 14:13 -0600, Rich Megginson wrote:
> Michael Fernández M wrote:
> > Hi...
> >
> > I have working this in one way... i mean...
> >
> > If i change a password for an account on ADS this is change on FDS...
> > (good)
> >
> > But it is possible to do it in the other way?, i mean change the
> > password on FDS and then this is change on ADS?
> >
> > Where I have to set the FDS to connect with the ADS in order to change
> > the passwords?
> >
> It should just work. What problems do you see? Any messages in the
> error log?
> One thing is that AD requires password changes to be sent over a secure
> channel, which means you'll need to use TLS/SSL.

Hi.. (thanks for the reply...)

When I run:

    /usr/lib/mozldap/ldapsearch -Z -p 636 \
        -P /etc/dirsrv/slapd-justo/cert8.db -h ads_ip \
        -D "cn=administrator,cn=users,dc=ads,dc=cl" -w lol \
        -s base -b "ou=users,dc=ads,dc=cl" "objectclass=*"

it connects to the ADS by SSL (636).

But when I change a password from FDS, FDS does not change anything on ADS;
tshark does not show packets....

That's why I ask where I have to configure FDS to connect with the ADS
service....

However, the other way, ADS to FDS, works without problems....

Thanks!!!

Michael.-





 
Old 09-29-2008, 08:01 PM
Rich Megginson
 
Sync AD and FDS.

Michael Fernández M wrote:
> On Mon, 2008-09-29 at 13:52 -0400, Michael Fernández M wrote:
> > On Thu, 2008-09-25 at 14:13 -0600, Rich Megginson wrote:
> > > Michael Fernández M wrote:
> > > > Hi...
> > > >
> > > > I have working this in one way... i mean...
> > > >
> > > > If i change a password for an account on ADS this is change on FDS...
> > > > (good)
> > > >
> > > > But it is possible to do it in the other way?, i mean change the
> > > > password on FDS and then this is change on ADS?
> > > >
> > > > Where I have to set the FDS to connect with the ADS in order to change
> > > > the passwords?
> > > >
> > > It should just work. What problems do you see? Any messages in the
> > > error log?
> > > One thing is that AD requires password changes to be sent over a secure
> > > channel, which means you'll need to use TLS/SSL.
> >
> > Hi.. (thanks for reply...)
> >
> > when i run a :
> >
> > /usr/lib/mozldap/ldapsearch -Z -p 636
> > -P /etc/dirsrv/slapd-justo/cert8.db -h ads_ip -D
> > "cn=administrator,cn=users,dc=ads,dc=cl" -w lol -s base -b
> > "ou=users,dc=ads,dc=cl" "objectclass=*" it connect to the ADS by ssl
> > (636)
> >
> > but when i change a pass from FDS, FDS do not change anything on ADS,
> > tshark does not show packets....
> >
> > that's why i ask where i have to configure FDS to connect with the ADS
> > service....
> >
> > However in the other way ADS to FDS works without problems....
>
> I think i solved this....
>
> I set replica on FDS, but when i change a password (on FDS) for a user
> that exist on FDS and ADS on the logs i see:
>
> NSMMReplicationPlugin - agmt="cn=windows" (procurador:636):
> windows_replay_update: failed map dn for modify operation
> dn="uid=lolo,ou=people,dc=ads,dc=cl"
>
> Any ideas?

Not sure. If you have a user that exists in both FDS and ADS, did they
already exist that way before you did the initial sync? If so, the
existing user in FDS must have the ntUser objectclass, and must have the
attribute ntUserDomainID set to the Windows userid (e.g. the
samAccountName). Then try changing something like the description for
the user in FDS or ADS to see if it gets synced across. Note that you
may have to wait up to 5 minutes for changes to go from ADS to FDS (FDS
to ADS changes should happen almost immediately).


See http://tinyurl.com/4n3yzo for more information
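
The check suggested in the reply above, as an added example that is not part of the original thread or of Fedora Directory Server: it pulls the DNs out of "failed map dn" error-log messages and looks each one up in an LDIF export to see whether the entry carries the ntUser objectclass and ntUserDomainID. The log timestamps, the extra users and the LDIF export are constructed sample data, and the LDIF reader assumes plain `attr: value` lines.

```python
import re
# Constructed sample data: log lines modelled on the message quoted in the
# thread (timestamps invented), and a hypothetical LDIF export of FDS users.
_MSG = ('[29/Sep/2008:16:40:01 -0400] NSMMReplicationPlugin - agmt="cn=windows" '
        '(procurador:636): windows_replay_update: failed map dn for modify '
        'operation dn="uid=%s,ou=people,dc=ads,dc=cl"\n')
SAMPLE_LOG = "".join(_MSG % uid for uid in ("lolo", "ana", "ghost"))
SAMPLE_LDIF = """\
dn: uid=lolo,ou=people,dc=ads,dc=cl
objectClass: inetOrgPerson
objectClass: ntUser
ntUserDomainID: lolo

dn: uid=ana,ou=people,dc=ads,dc=cl
objectClass: inetOrgPerson
"""
FAILED_MAP = re.compile(r'failed map dn for modify operation dn="([^"]+)"')

def parse_ldif(text):
    """Minimal LDIF reader: plain 'attr: value' lines, no base64 or folded lines."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                name, value = line.split(":", 1)
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0].lower()] = attrs
    return entries

def diagnose(log_text, ldif_text):
    """Map each failing DN (lower-cased, log order) to the first prerequisite it lacks."""
    entries, report = parse_ldif(ldif_text), {}
    for dn in dict.fromkeys(d.lower() for d in FAILED_MAP.findall(log_text)):
        entry = entries.get(dn)
        if entry is None:
            report[dn] = "entry not in export"
        elif "ntuser" not in (v.lower() for v in entry.get("objectclass", [])):
            report[dn] = "missing ntUser objectclass"
        elif not any(entry.get("ntuserdomainid", [])):
            report[dn] = "missing ntUserDomainID"
        else:
            report[dn] = "ntUser and ntUserDomainID present"
    return report

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_LDIF))
```

A DN reported as having both attributes present still failed to map, so for that entry the cause lies somewhere other than these two prerequisites.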

 
Old 09-29-2008, 08:43 PM
Michael Fernández M
 
Sync AD and FDS.

On Mon, 2008-09-29 at 13:52 -0400, Michael Fernández M wrote:
> On Thu, 2008-09-25 at 14:13 -0600, Rich Megginson wrote:
> > Michael Fernández M wrote:
> > > Hi...
> > >
> > > I have working this in one way... i mean...
> > >
> > > If i change a password for an account on ADS this is change on FDS...
> > > (good)
> > >
> > > But it is possible to do it in the other way?, i mean change the
> > > password on FDS and then this is change on ADS?
> > >
> > > Where I have to set the FDS to connect with the ADS in order to change
> > > the passwords?
> > >
> > It should just work. What problems do you see? Any messages in the
> > error log?
> > One thing is that AD requires password changes to be sent over a secure
> > channel, which means you'll need to use TLS/SSL.
>
> Hi.. (thanks for reply...)
>
> when i run a :
>
> /usr/lib/mozldap/ldapsearch -Z -p 636
> -P /etc/dirsrv/slapd-justo/cert8.db -h ads_ip -D
> "cn=administrator,cn=users,dc=ads,dc=cl" -w lol -s base -b
> "ou=users,dc=ads,dc=cl" "objectclass=*" it connect to the ADS by ssl
> (636)
>
> but when i change a pass from FDS, FDS do not change anything on ADS,
> tshark does not show packets....
>
> that's why i ask where i have to configure FDS to connect with the ADS
> service....
>
> However in the other way ADS to FDS works without problems....
>

I think I solved this....

I set the replica on FDS, but when I change a password (on FDS) for a user
that exists on FDS and ADS, in the logs I see:

NSMMReplicationPlugin - agmt="cn=windows" (procurador:636):
windows_replay_update: failed map dn for modify operation
dn="uid=lolo,ou=people,dc=ads,dc=cl"

Any ideas?

Regards!!!

Michael.-



 
Old 09-29-2008, 09:43 PM
Michael Fernández M
 
Sync AD and FDS.

On Mon, 2008-09-29 at 14:01 -0600, Rich Megginson wrote:
> Michael Fernández M wrote:
> > On Mon, 2008-09-29 at 13:52 -0400, Michael Fernández M wrote:
> >
> >> On Thu, 2008-09-25 at 14:13 -0600, Rich Megginson wrote:
> >>
> >>> Michael Fernández M wrote:
> >>>
> >>>> Hi...
> >>>>
> >>>> I have working this in one way... i mean...
> >>>>
> >>>> If i change a password for an account on ADS this is change on FDS...
> >>>> (good)
> >>>>
> >>>> But it is possible to do it in the other way?, i mean change the
> >>>> password on FDS and then this is change on ADS?
> >>>>
> >>>> Where I have to set the FDS to connect with the ADS in order to change
> >>>> the passwords?
> >>>>
> >>>>
> >>> It should just work. What problems do you see? Any messages in the
> >>> error log?
> >>> One thing is that AD requires password changes to be sent over a secure
> >>> channel, which means you'll need to use TLS/SSL.
> >>>
> >> Hi.. (thanks for reply...)
> >>
> >> when i run a :
> >>
> >> /usr/lib/mozldap/ldapsearch -Z -p 636
> >> -P /etc/dirsrv/slapd-justo/cert8.db -h ads_ip -D
> >> "cn=administrator,cn=users,dc=ads,dc=cl" -w lol -s base -b
> >> "ou=users,dc=ads,dc=cl" "objectclass=*" it connect to the ADS by ssl
> >> (636)
> >>
> >> but when i change a pass from FDS, FDS do not change anything on ADS,
> >> tshark does not show packets....
> >>
> >> that's why i ask where i have to configure FDS to connect with the ADS
> >> service....
> >>
> >> However in the other way ADS to FDS works without problems....
> >>
> >>
> >
> > I think i solved this....
> >
> > I set replica on FDS, but when i change a password (on FDS) for a user
> > that exist on FDS and ADS on the logs i see:
> >
> > NSMMReplicationPlugin - agmt="cn=windows" (procurador:636):
> > windows_replay_update: failed map dn for modify operation
> > dn="uid=lolo,ou=people,dc=ads,dc=cl"
> >
> > Any ideas?
> >
> Not sure. If you have a user that exists in both FDS and ADS, did they
> already exist that way before you did the initial sync? If so, the
> existing user in FDS must have the ntUser objectclass, and must have the
> attribute ntUserDomainID set to the Windows userid (e.g. the
> samAccountName). Then try changing something like the description for
> the user in FDS or ADS to see if it gets synced across. Note that you
> may have to wait up to 5 minutes for changes to go from ADS to FDS (FDS
> to ADS changes should happen almost immediately).
>

Yes, I created the users separately.
And the user created on FDS has the ntUserDomainID and ntUser
objectclass.

When I modify an attr on ADS this is replicated to FDS, but not the
other way....


> See http://tinyurl.com/4n3yzo for more information


Thanks!






 
