On 11/12/2013 11:16, Plumel Louis-Marie wrote:
> Hello,
>
> I'm a Windows sysadmin and I need information about synchronisation
> between two environments (Linux and Windows) and more specifically between
> LDAP (openldap 2.4.31) and Active Directory (2008 R2).
>
> I'll explain in a few words:
>
> Our environment is 95 % Linux and the rest is Windows (7 for
> workstations and 2008 R2 for servers). Our engineer asked me to find a
> solution to make synchronisation between LDAP (openldap) and my Active
> Directory BUT with this constraint: LDAP should remain THE MASTER.
>
> My request: Can the product lsc connector be the solution for me to
> make this synchronisation in a single direction (LDAP -> AD)? What is
> the solution for users' crypted passwords? Should users have to change
> their password?

I think you need something more than LSC. LSC migrates the entries, but you have to provision the changed passwords as well.

The way we are following is to disable password change on both AD (group policies) and OpenLDAP (ACL). Users have to change their password in a web form. The clear text password is eventually provisioned with a custom application.

There are some more details, but the key is that users are created only in OpenLDAP, but the password is handled with an ad-hoc script.

thank you,

Francesco Malvezzi
Universita' di Modena e Reggio nell'Emilia
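
An added illustration, not code from this thread or from the custom application mentioned in the reply: the two directories store a password in different encodings, so both values have to be derived from the clear text captured at the web form. The `{SSHA}` scheme on the OpenLDAP side and all function names are assumptions.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SSHA_PREFIX = "{SSHA}"


def openldap_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """userPassword value: {SSHA} + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(password: str, stored: str) -> bool:
    """Recompute the hash using the salt stored after the 20-byte SHA-1 digest."""
    if not stored.startswith(SSHA_PREFIX):
        return False
    raw = base64.b64decode(stored[len(SSHA_PREFIX):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def ad_unicode_pwd(password: str) -> bytes:
    """unicodePwd value: the password wrapped in double quotes, UTF-16LE encoded.
    Active Directory accepts this write only over an encrypted connection."""
    return ('"' + password + '"').encode("utf-16-le")


def build_password_values(password: str) -> dict:
    """Both attribute values from the one clear-text password the form received.
    The clear text is not kept: only the derived values leave this function."""
    return {
        "userPassword": openldap_ssha(password),   # written to OpenLDAP
        "unicodePwd": ad_unicode_pwd(password),    # written to AD
    }


if __name__ == "__main__":
    values = build_password_values("Constructed-Sample-1")  # constructed sample input
    print(values["userPassword"])
    print(values["unicodePwd"])
```

The salted hash in `userPassword` cannot be converted into the `unicodePwd` form, which is why a one-way entry sync alone does not carry passwords across.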

