In my opinion, you cannot, but most of all you SHOULD NOT synchronize (already existent) passwords. You should simultaneously change passwords during a user-initiated password reset.
Self-service password from tlb-project supports both OpenLDAP and Active Directory. In fact, AD is a full, mostly standard-compliant LDAP server that you can interact with just as you can with, say, slapd. This is what lsc uses. And self-service password can use that too, the configuration documentation is sadly almost non-existent, so there you go. It is definitely doable, though. When in doubt, ask on their mailing list. To be complete: there is also another software from Cédric Dufour, that practically does the same thing as self-service password, called UPwdChg: http://cedric.dufour.name/software/upwdchg/ I am partial to this software, as (a) it separates the internet-available webserver from the server with the write-access to AD/OpenLDAP, which you can easily put into your corporate network. This will make your network and/or security admins very happy. Also (b) after reading through the source code of UPwdChg, I trust its security scheme and the encryption used. Downside is, that there currently is no password-reset mail, i.e. your user currently can only change her password if she knows her old one. However, I am currently working together with the author to implement this feature. Best, Alex. Von: [email protected] [mailto:[email protected]] Im Auftrag von ROSELIER Benoit Gesendet: Donnerstag, 26. Januar 2017 12:10 An: [email protected] Betreff: [lsc-users] Need help to sync Password Hello, I use LSC to synchronize an active directory from an openldap. I am perfectly able to synchronize my users and my groups but I block on the synchronization of the passwords. My passwords are hash in ssha in my OpenLdap, and I do not know how to retrieve them to pass them to Active directory. PS: My users use self-service password to change their password. I do not know if I can use it to indicate two destinations for changing the password (openldap and Active directory). Thanks for any suggestion. Regards
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
