Quoting Rich Megginson <rmeggins@redhat.com>:


Christian A. Rodriguez wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Rich Megginson escribió:


Christian A. Rodriguez wrote:


First of all I have to mention that Windows Users & Groups were
created before Fedora Directory was installed, so when FDS was
installed I started up with replicated windows users in FDS without
passwords being synchronized. Therefore, the scenario is a Windows
tree with users (with passwords) & groups and FDS with users and
groups replicated without their passwords.

I am trying to define a mechanism to reset every password in both
directories so they begin to work synchronized.

Doing some tests, I realized that a change made in Windows is
replicated into FDS binding as the users subject of change, so as the
entry doesn't have it's password, the following lines are logged in
FDS access log:

[08/Jan/2008:15:51:35 -0300] conn=1033 op=0 BIND
dn="uid=USERXXX,OU=People,ou=Active Directory,dc=example,dc=com"
method=128 version=2
[08/Jan/2008:15:51:35 -0300] conn=1033 op=0 RESULT err=49 tag=97
nentries=0 etime=0
[08/Jan/2008:15:51:35 -0300] conn=1033 op=1 UNBIND
[08/Jan/2008:15:51:35 -0300] conn=1033 op=1 fd=80 closed - U1
[08/Jan/2008:15:51:35 -0300] conn=1032 op=2 RESULT err=50 tag=103
nentries=0 etime=0
[08/Jan/2008:15:51:35 -0300] conn=1032 op=3 UNBIND

I haven't found any documentation about inbound changes, specifically
password change, being done as the same user subject of the change. Is
this true?


Yes. That's how it verifies the new password is valid.



So, how can I do to define a procedure for initializing both
directories?

I'm not sure what you mean. For passwords, you just need to set/reset
the clear text password on either side, either the AD side or the
Fedora DS side. Assuming you have windows sync and password sync
configured correctly, setting/resetting the clear text password on AD
will sync it to Fedora DS, and vice versa.


The problem is that Active Directory Passwords were setted before FDS
was installed. So, the initial synchronization of passwords didn't set
FDS passwords, so changing the passwords in Active Directory will not
update FDS passwords because of its way to sync passwords, ie binding
to FDS as the user whose password is changed.
The only way to change passwords in both directories for users
synchronized in Active Directory is resetting their passwords only in
FDS, not in Windows because of the binding issue I mentioned.


Thanks




Are there any tips?

Thanks



Thanks in advance, and sorry for my bad English



------------------------------------------------------------------------

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users




- --
Lic. Christian A. Rodriguez
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHhYjaLiwwyzG4Y1QRAp8YAJ4lJEr2/lFBEDIF5m2Ck6Z8tEd2UQCfVBUu
xen2FPcuKSep8a3xj5kfQf4=
=ji/K
-----END PGP SIGNATURE-----

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users





--
Lic. Christian A. Rodriguez

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users