Only a subset of attributes is sync between AD and 389 ds. http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Using_Windows_Sync-Synchronizing_Users.html#sync-users-attr
However by performing ldapsearch request over the AD and ldapmodify on the corresponding entry in 389 ds , you can create a script which merge semi-automatically some other attributes. For password sync, like said by solarflow, the Microsoft hash algorithm can t be used on other system. This is the reason why password sync service only deals with password in plain text format by adding a hook on the password change event. ________________________________ De : [email protected] [mailto:[email protected]] De la part de solarflow99 Envoyé : mardi 15 novembre 2011 09:45 À : General discussion list for the 389 Directory server project. Objet : Re: [389-users] Sync UNIX Attributes from AD to 389ds I meant to say: can't use the windows password hash On Tue, Nov 15, 2011 at 12:43 AM, solarflow99 <[email protected]> wrote: I had a similar setup as yours, for #1 I think I did have to use 389 console to enable posix attributes so the user could login to linux, i'm not sure how to make this automatic. For #2 this is because windows passwords are encrypted differently, and linux can use the windows password hash. hope this helps.. 2011/11/15 Walter Neu <[email protected]> Hi all, I have installed a 389ds which sync entries from an Active Directory running on Windows 2008 R2 Enterprise Server. Everything works fine even Password Sync. But I have still 2 problems I don't get solved: 1. It's not possible to sync the UNIX attributes from AD to 389ds. Any hints? 2. Passwords are not synced during an initial full re-syncronization. Only password changes on an AD are synced. So I have to reset a user's password and after that the password will be transmitted to the 389ds. Best regards -- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
