[389-users] AD2008 on 64 bit windows, 389 Directory Server passwords...

[Anne Cross]

I'm trying to sync passwords from 389 to Active Directory.

If we import users from AD, then try to change their passwords, the 
replication locks up.
If we create the users on 389, and sync them back to AD, the password 
field passed back is blank in Windows.

Passsync isn't going to work because we're running 64bit Windows, so we 
can't sync the passwords *from* AD.  I got this working earlier, but 
that was with FDS in a test instance several months ago, and I didn't 
write down what I did.  (And I am kicking myself over that.)  We can 
live without people changing their passwords on AD as long as we *can* 
sync passwords down from 389.

The replication manager account on AD has full Directory Admin privs, so 
it *does* have the ability to update passwords.

What am I missing?  Our logs are showing us a lot of things that are not 
helpful; I will be happy to attach further logs if people can tell me 
what to look for, but we've been trying this for two days now, and we're 
not any closer than we were when we started.

-- 
,___,
{o,o}  Anne "Juniper" Cross
(___)  Senior Linux Systems Engineer and Extropic Crusader
-"-"-- Information Technology, ITA Software
/^^^