Re: [389-users] win sync limitation
Is there a way to use the IPA winsync plugin with 389ds? In general terms, there are some features of IPA that I'd like to use without changing the LDAP server.

On Fri, 24-06-2011 at 15:04 -0600, Rich Megginson wrote:

On 06/24/2011 02:52 PM, solarflow99 wrote:

I just noticed that a user created from Windows cannot log in on Linux because they have no posixuser attributes. If there was 1 feature that would be a nice to have, this would be it.

IPA winsync has this feature.

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
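The gap described in this message (Windows-created users with no POSIX attributes) can be audited from an LDIF export of the directory. The following is an added example, not code from the thread or from the 389 project: it flags entries carrying the `ntUser` object class that lack `posixAccount` or its required RFC 2307 attributes. Treating `ntUser` as the marker for Windows-synced users is an assumption about the deployment, and the sample entries are constructed.

```python
import base64

POSIX_REQUIRED = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")  # RFC 2307 MUST

def parse_ldif(text):
    """Parse LDIF text into a list of {attr_lowercase: [values]} dicts."""
    lines = text.replace("\n ", "").splitlines()   # unfold continuation lines
    entries, cur = [], {}
    for line in lines + [""]:
        if not line.strip():                       # blank line terminates an entry
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):             # skip comments
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):               # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            cur.setdefault(attr.lower(), []).append(value)
    return entries

def missing_posix(entries):
    """Map DN -> missing POSIX pieces for Windows-synced (ntUser) entries."""
    report = {}
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        problems = [] if "posixaccount" in classes else ["objectClass: posixAccount"]
        problems += [a for a in POSIX_REQUIRED if not e.get(a.lower())]
        if "ntuser" in classes and problems:       # only entries created by Windows sync
            report[e["dn"][0]] = problems
    return report

# Constructed sample export; all names and values are made up for illustration.
SAMPLE = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: ntUser
cn: Alice Example
uid: alice

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: ntUser
objectClass: posixAccount
cn: Bob Example
uid: bob
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/bob
"""
```

Calling `missing_posix(parse_ldif(SAMPLE))` reports only the `alice` entry, which is the account that would fail to log in on Linux.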
[389-users] Reminder: LDAPCon 2011 Call for Papers
With the usual apologies.

This is to remind you about the submission deadline for this year's International Conference on LDAP: It is *July 8th* and it will not be extended.

Best, Peter

On 08.04.2011 14:54, Peter Gietz wrote:

With the usual apologies.

The 3rd Edition of the International Conference on LDAP (LDAPCon 2011[1]) will be held on October 10-11, 2011 in Heidelberg, Germany. A Call For Papers[2] has been raised and the Program Committee asks you to submit abstracts by July 8th.

The International Conference on LDAP is a technical forum for IT professionals interested in LDAP and related topics like directory servers, directory management applications, directory integration, identity and access management, and meta directories. It focuses on implementation and integration of LDAP servers and LDAP-enabled client applications. The event will bring together vendors, developers, active and prospective LDAP practitioners to share their experiences about deployment strategies, service operations, interoperability, discuss LDAP usage in new projects and learn about upcoming trends and developments.

The 1st LDAPCon[3] was held in September 2007 in Germany, the 2nd LDAPCon[4] was held in September 2009 in Portland, Oregon, USA (some pictures from LDAPCon 2007 [5] and a nice summary of LDAPCon 2009 [6]).

So if you're involved with LDAP in interesting projects and you want to share your experiences, please check the Call For Papers and submit a proposal.

Best, Peter

[1]: http://www.ldapcon.org
[2]: http://www.daasi.de/ldapcon2011/index.php?site=cfp
[3]: http://www.guug.de/veranstaltungen/ldapcon2007/index.html
[4]: http://www.symas.com/ldapcon2009
[5]: http://www.flickr.com/photos/ludovic_p/sets/72157601937159198/detail/
[6]: http://blogs.sun.com/Ludo/entry/ldapcon_2009_summary

--
Peter Gietz (CEO)
DAASI International GmbH
Europaplatz 3
D-72074 Tübingen
Germany
phone: +49 7071 407109-0
Fax: +49 7071 407109-9
mail: peter.gi...@daasi.de
Web: www.daasi.de

DAASI International GmbH, Tübingen
Managing Director Peter Gietz, Amtsgericht Stuttgart HRB 382175
Directory Applications for Advanced Security and Information Management
[389-users] question syncing with AD
Hi,

I am exploring the possibilities of us setting up a 389 server and have it synchronize with our AD. I read that both 389 and AD have to be running SSL. We have multiple domain controllers that trust each other, some running SSL, some not. I wonder if every one of them has to be running SSL to make sync work.

Also does passsync have to be installed on every domain controller?

Thanks a lot,
Mi

Email Disclaimer: www.stjude.org/emaildisclaimer
Re: [389-users] question syncing with AD
On 06/27/2011 01:38 PM, Mi Zhou wrote:

Hi, I am exploring the possibilities of us setting up a 389 server and have it synchronize with our AD. I read that both 389 and AD have to be running SSL. We have multiple domain controllers that trust each other, some running SSL, some not. I wonder if every one of them has to be running SSL to make sync work.

For passwords, yes. AD will not accept a password change unless the connection is TLS/SSL encrypted.

Also does passsync have to be installed on every domain controller?

Yes.

Thanks a lot, Mi
Re: [389-users] question syncing with AD
Thanks Rich for the answer. A few more questions:

Does the existing password get synced during the initial full re-synchronization? Or does it only sync changes?

Do container entries get synced as well? Say, if a new OU was created on AD, will that be synced on 389?

Thanks,
Mi

On Mon, 2011-06-27 at 14:50 -0500, Rich Megginson wrote:

On 06/27/2011 01:38 PM, Mi Zhou wrote:

Hi, I am exploring the possibilities of us setting up a 389 server and have it synchronize with our AD. I read that both 389 and AD have to be running SSL. We have multiple domain controllers that trust each other, some running SSL, some not. I wonder if every one of them has to be running SSL to make sync work.

For passwords, yes. AD will not accept a password change unless the connection is TLS/SSL encrypted.

Also does passsync have to be installed on every domain controller?

Yes.

Thanks a lot, Mi

--
Mi Zhou
System Integration Engineer
Information Sciences
St. Jude Children's Research Hospital
262 Danny Thomas Pl. MS 312
Memphis, TN 38105
901.595.5771
Re: [389-users] question syncing with AD
On 06/27/2011 02:28 PM, Mi Zhou wrote:

Do container entries get synced as well? Say, if a new OU was created on AD, will that be synced on 389?

During the initial sync init phase - yes. During the incremental phase - no.

Can we initiate a full resync to get this done, or must it be manually added on the other end?

Either way should work.

Thanks, Mi