Sync Active Directory and Open Directory Users/Passwords


Posted

We've decided not to bind our Macs to Active Directory but I'd like to have the usernames and passwords sync'ed between our AD and OD.

 

Does anyone know of an application or script that will do this?

Posted

Hi

 

Unless someone else posts and AFAIK there is no way of doing this easily. You have to realise you're talking about two distinct Kerberos Realms and KDCs. You can't add Principals from one Realm to another and in an SSO environment there should only be one KDC generally. If for operational reasons your location benefits from running two parallel directory servers with all that that means then you could set up a Cross Realm Trust Relationship? Tickets/Keys from one Realm are trusted in another. That way authentication should work when Principals are in one krb database with another.

 

As you can appreciate this is not a trivial thing to do and may not be achievable in your environment depending on the Server Versions you have?

 

However I don't think the above actually tackles your question?

 

You can have an OD environment separated from the AD one yet still interacting with it on many levels. If Users and their passwords are exactly the same in both databases you could define an OD Password Policy that is synchronised as much as possible with the one in AD. This is easily achievable with the tools available in the interface - there should be no need for the command line, although it's there if you want it. If students are more likely to log on to a PC first on the password change due date they would have to repeat the procedure when they log onto a Mac. The process would be repeated if it was the other way around. As already mentioned, if no-one else posts with something that actually works and more importantly doesn't break anything else, that's about as close as I think you can get.

 

If TomH sees this post it would be interesting to hear his views?

 

HTH?

 

Antonio Rocco (ACSA)

  • 1 year later...
Posted

Hello;

 

I am using Zimbra with Active Directory. I made the authentication integration but when a user changes their password in webmail, the AD account's password doesn't change. I want bi-directional synchronization. Do you have any scripts that do it? Also, a bulk user creation script from AD into Zimbra is needed.

 

Thanks in advance.
