On 7/23/2010 1:35 PM, Howard Chu wrote:
passwordSync: What are you thinking here? DLL that recognizes password
changes and creates apropriate hashes and syncs these into OpenLDAP, or
Yes. Bi-directionally, of course - it should also intercept LDAP
passwordModify requests and forward them to AD.
Can the FDS/389 password sync client be used or are there license issues
with it (I presume it'll be GPL like the rest of FDS) ?
If you can use it, then some or perhaps all of the work on the Windows
end can be avoided.
It talks to the DS via LDAP, I think with some minimal extensions (it's
been a long time
since I looked at the code so I'm not 100% sure).
There's also code in FDS to send changes to AD via LDAP (including
password changes).
Whether or not that code would be useful I'm not sure. It'd certainly be
useful as a reference
for how to talk to AD successfully. Possibly there's similar code in
other projects too.
There are a few hoops you need to jump through in order to get password
changes into AD
successfully, iirc.