Thank you for your reply. I tried creating a windows sync agreement between the 389 DS and AD Read Only DC(RODC). When I give all the details in the New Windows Sync Agreement screen , it does not give me an error message saying that "Cannot contact active directory server." But when I try to initiate Full Re-synchronization it gives me an error saying "connection error: operation failure - Total update aborted. Error Code:1". But I am seeing all the users and groups properly sync without passwords at the proper target OU in the 389 DS. Can this be a bug or am I missing something? I don't get this error If I am syncing with an AD Read Write DC(RWDC).
Regards. On Wed, Dec 5, 2018 at 3:56 PM William Brown <will...@blackhats.net.au> wrote: > > > > On 30 Nov 2018, at 01:30, Abhisheyk Deb <abhisheyk...@gmail.com> wrote: > > > > I have the following structure AD RWDC(Read Write), AD RODC(Read Only), > and a 389 DS instance. > > > > PassSync will be installed on the AD RODC and the 389 DS instance will > sync with it. > > > > If the users are created on the AD RWDC and synced with the RODC, can > PassSync still intercept passwords in cleartext format, and push them to > 389 DS? > > I think the answer is “yes” but you won’t get anything from the RODC > Denied Replication group (IE domain admins). > > > > > > > > > _______________________________________________ > > 389-users mailing list -- 389-users@lists.fedoraproject.org > > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org > > — > Sincerely, > > William > > > _______________________________________________ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org >
_______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org