Traces. Level 5. TID# 10098620.
Errol Campbell wrote:
> I seem to have confused everybody.
> eDir to eDir, the top tree is UP enabled, the bottom tree is not. I was
> led to believe that this was not a problem between eDirs.
> Between the top eDir and MAD pwd sync is done via the distribution
> Is that clearer?
> firstname.lastname@example.org wrote:
> Agreed your configuration is wrong. You cannot get a password value
> from the NDS password ever for synchronization to anything at all ever.
> The only reason you can "synchronize" the password between your
> eDirectory trees when changed in your bottom no-UP tree is because you
> are actually synchronizing the physical hash. Neither tree knows what
> the password value is and neither tree can get to the original password
> value (ever, at all...it's impossible which is pretty good for security)
> so neither tree can tell AD what to set the password in AD to. Use UP
> throughout. The UP policy in eDirectory, by default, synchronizes to
> the NDS password.
> Good luck.
> David Gersic wrote:
>>>> On Tue, 20 Feb 2007 17:20:58 GMT, Errol Campbell
>>>> <email@example.com> wrote:
>>>>> I have a strange problem.
>>>>> I have three trees, two eDir and one AD.
>>>>> I sync pwds from one to another using public/private key
>>>>> between eDirs and pwd sync 2 between eDir and AD. I am running IDM3.
>>>> For password sync to work, you need to be using Universal Password,
>>>> syncing *that* between your trees. If necessary, let UP update the NDS
>>>> password (private/public keys).
>>>> David Gersic
>>>> I'm tired of receiving rubbish in my mailbox, so the E-mail address is
>>>> munged to foil the junkmail bots. Humans will figure it out on their
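Added example, not part of the thread and not Novell or IDM code: a toy model of the point made in the replies above, that two trees sharing a hash format can copy the hash, while a directory with a different format needs the password value itself. The `Directory` class, `sync`, the user `jdoe` and the passwords are hypothetical, and PBKDF2 with two digests only stands in for the real hash formats, which the thread does not describe.

```python
import hashlib
import hmac
import os

class Directory:
    """Toy directory (hypothetical model). Always keeps a one-way verifier;
    keeps a retrievable password value only when `recoverable` is set."""
    def __init__(self, scheme, recoverable=False):
        self.scheme = scheme            # digest name standing in for a hash format
        self.recoverable = recoverable  # assumption: models a UP-enabled tree
        self.verifiers = {}             # user -> (scheme, salt, hash)
        self.values = {}                # user -> password value (a real store would protect this)

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac(self.scheme, password.encode(), salt, 10_000)

    def set_password(self, user, password):
        salt = os.urandom(16)
        self.verifiers[user] = (self.scheme, salt, self._hash(password, salt))
        if self.recoverable:
            self.values[user] = password

    def login(self, user, password):
        _, salt, stored = self.verifiers[user]
        return hmac.compare_digest(stored, self._hash(password, salt))

def sync(source, target, user):
    """Push the password value if the source holds one, otherwise the hash."""
    if user in source.values:
        target.set_password(user, source.values[user])
        return "value"
    verifier = source.verifiers[user]
    if verifier[0] != target.scheme:
        return "rejected"               # foreign hash is useless and no value exists
    target.verifiers[user] = verifier
    target.values.pop(user, None)       # any previously stored value is now stale
    return "hash"

def demo():
    top = Directory("sha256", recoverable=True)   # UP-enabled tree
    bottom = Directory("sha256")                  # tree without UP
    ad = Directory("sha512")                      # directory with a different hash format
    bottom.set_password("jdoe", "Constructed-Pw-1")   # change made in the no-UP tree
    steps = [sync(bottom, top, "jdoe"), top.login("jdoe", "Constructed-Pw-1"),
             sync(top, ad, "jdoe")]
    top.set_password("jdoe", "Constructed-Pw-2")      # change made in the UP tree
    return steps + [sync(top, ad, "jdoe"), ad.login("jdoe", "Constructed-Pw-2")]

if __name__ == "__main__":
    print(demo())
```

The change made in the tree without the retrievable store reaches the other tree as a hash and stops there; only the change made where the value is retrievable reaches the third directory.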