  1. #1


    Sync Active Directory and Open Directory Users/Passwords

    We've decided not to bind our Macs to Active Directory but I'd like to have the usernames and passwords sync'ed between our AD and OD.

    Does anyone know of an application or script that will do this?

  2. #2

    No - why don't you just bind them?

  3. #3
    AntonioRocco
    Hi

    Unless someone else posts and AFAIK there is no way of doing this easily. You have to realise you're talking about two distinct Kerberos Realms and KDCs. You can't add Principals from one Realm to another and in an SSO environment there should only be one KDC generally. If for operational reasons your location benefits from running two parallel directory servers with all that that means then you could set up a Cross Realm Trust Relationship? Tickets/Keys from one Realm are trusted in another. That way authentication should work when Principals are in one krb database with another.

    As you can appreciate this is not a trivial thing to do and may not be achievable in your environment depending on the Server Versions you have?

    However I don't think the above actually tackles your question?

    You can have an OD environment separated from the AD one yet still interacting with it on many levels. If Users and their passwords are exactly the same in both databases you could define an OD Password Policy that is synchronised as much as possible with the one in AD. This is easily achievable with the tools available in the interface - there should be no need for the command line, although it's there if you want it. If students are more likely to log on to a PC first on the password change due date they would have to repeat the procedure when they log on to a Mac. The process would be repeated if it was the other way around. As already mentioned if no-one else posts with something that actually works and more importantly doesn't break anything else that's about as close as I think you can get.

    If TomH sees this post it would be interesting to hear his views?

    HTH?

    Antonio Rocco (ACSA)
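
The policy alignment suggested in the post above can be checked for drift with a short script. This is an added example, not part of the original thread or the poster's own code; it assumes the AD domain attributes `minPwdLength`, `pwdHistoryLength`, `lockoutThreshold`, `maxPwdAge` and `pwdProperties` have already been exported, that the OD server reports its global policy in the legacy `key=value` form printed by `pwpolicy -getglobalpolicy`, and all sample values are constructed.

```python
# Added example; sample values at the bottom are constructed for illustration.
AD_TICKS_PER_MINUTE = 600_000_000  # AD stores ages in 100-ns intervals
OD_HISTORY_MAX = 15                # assumed ceiling of OD's usingHistory key

def parse_od_policy(text):
    """Parse space-separated key=value pairs (legacy pwpolicy output)."""
    policy = {}
    for token in text.split():
        key, sep, value = token.partition("=")
        if sep and value.lstrip("-").isdigit():
            policy[key] = int(value)
    return policy

def ad_to_od(ad):
    """Translate AD domain attributes into the closest OD policy keys."""
    max_age = int(ad.get("maxPwdAge", 0))
    # maxPwdAge is a negative interval; 0 or the minimum int64 means "never"
    never = max_age == 0 or max_age == -(2 ** 63)
    # Approximation: AD complexity (bit 0x1) has no exact OD equivalent
    complex_pw = bool(int(ad.get("pwdProperties", 0)) & 0x1)
    return {
        "minChars": int(ad.get("minPwdLength", 0)),
        "usingHistory": min(int(ad.get("pwdHistoryLength", 0)), OD_HISTORY_MAX),
        "maxFailedLoginAttempts": int(ad.get("lockoutThreshold", 0)),
        "maxMinutesUntilChangePassword":
            0 if never else abs(max_age) // AD_TICKS_PER_MINUTE,
        "requiresAlpha": int(complex_pw),
        "requiresNumeric": int(complex_pw),
    }

def policy_drift(ad, od_text):
    """Return {key: (expected_from_ad, actual_in_od)} for every mismatch."""
    expected, actual = ad_to_od(ad), parse_od_policy(od_text)
    return {k: (v, actual.get(k, 0))
            for k, v in expected.items() if actual.get(k, 0) != v}

# Constructed sample: AD with 42-day expiry, OD left at a 90-day expiry
SAMPLE_AD = {"minPwdLength": 8, "pwdHistoryLength": 24, "lockoutThreshold": 5,
             "maxPwdAge": -36288000000000, "pwdProperties": 1}
SAMPLE_OD = ("usingHistory=0 minChars=8 maxMinutesUntilChangePassword=129600 "
             "maxFailedLoginAttempts=5 requiresAlpha=1 requiresNumeric=0")

if __name__ == "__main__":
    for key, (want, have) in sorted(policy_drift(SAMPLE_AD, SAMPLE_OD).items()):
        print(f"{key}: AD implies {want}, OD has {have}")
```

Any key it reports is a setting where a password accepted by one directory could be rejected, or expire at a different time, in the other.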

  4. #4

    powdarrmonkey
    You could look at Active Directory Federation Services if you want, but I don't know if there are pre-prepared scripts for OD.

  5. #5

    Thanks for the replies. I did think this would be difficult, if not impossible.

  6. #6

    After looking into alternative solutions, I've had a look at augmented users. Has anyone used augmented users with AFP Home drives?

  7. #7

    Hello,

    I am using Zimbra with Active Directory. I made the authentication integration but when a user changes their password in webmail, the AD account's password doesn't change. I want bi-directional synchronization. Do you have any scripts that do it? Also, a bulk user creation script from AD into Zimbra is needed.

    Thanks in advance.
