Traces. Level 5. TID# 10098620.

Good luck.

Errol Campbell wrote:
> Sorry,
> I seemed to have confused everybody.
> Right.......
> eDir to eDir, the top tree is UP enabled the bottom tree is not. I was
> led to believe that this was not a problem between eDir's.
> Between the top eDir and MAD pwd sync is done via the distribution
> password.
> Is that clearer?
> Regards
> Errol
> ab@novell.com wrote:
> Agreed your configuration is wrong. You cannot get a password value
> from the NDS password ever for synchronization to anything at all ever.
> The only reason you can "synchronize" the password between your
> eDirectory trees when changed in your bottom no-UP tree is because you
> are actually synchronizing the physical hash. Neither tree knows what
> the password value is and neither tree can get to the original password
> value (ever, at all...it's impossible which is pretty-good for security)
> so neither tree can tell AD what to set the password in AD to. Use UP
> throughout. The UP policy in eDirectory, by default, synchronizes to
> the NDS password.
> Good luck.
> David Gersic wrote:
>>>> On Tue, 20 Feb 2007 17:20:58 GMT, Errol Campbell
>>>> <e.campbell@londonmet.ac.uk> wrote:
>>>>> I have a strange problem.
>>>>> I have three trees, two eDir and one AD.
>>>>> I sync pwds from one to another using public/private key
>>>>> between eDirs and pwd sync 2 between eDir and AD. I am running IDM3.
>>>> For password sync to work, you need to be using Universal Password,
>>>> syncing *that* between your trees. If necessary, let UP update the NDS
>>>> password (private/public keys).
>>>> ---------------------------------------------------------------------------
>>>> David Gersic
>>>> dgersic_@_niu.edu
>>>> I'm tired of receiving rubbish in my mailbox, so the E-mail address is
>>>> munged to foil the junkmail bots. Humans will figure it out on their
>>>> own.

