On 7/23/2010 1:35 PM, Howard Chu wrote:
Can the FDS/389 password sync client be used or are there license issues with it (I presume it'll be GPL like the rest of FDS) ? If you can use it, then some or perhaps all of the work on the Windows end can be avoided. It talks to the DS via LDAP, I think with some minimal extensions (it's been a long timepasswordSync: What are you thinking here? DLL that recognizes password changes and creates apropriate hashes and syncs these into OpenLDAP, orYes. Bi-directionally, of course - it should also intercept LDAP passwordModify requests and forward them to AD.
since I looked at the code so I'm not 100% sure).There's also code in FDS to send changes to AD via LDAP (including password changes). Whether or not that code would be useful I'm not sure. It'd certainly be useful as a reference for how to talk to AD successfully. Possibly there's similar code in other projects too. There are a few hoops you need to jump through in order to get password changes into AD
successfully, iirc.