How to configure password sync between OpenLDAP and Active Directory using FIM?
-
June 7, 2012 4:05
How to configure password sync between OpenLDAP and Active Directory using FIM?
Can passwords sync two-way between Active Directory and OpenLDAP?
What are the steps to configure openldapXMA in FIM?
All replies
-
June 10, 2012 5:46
The FIM password sync is designed to take password changes that originate in AD and send those changes to various other connected systems (like OpenLDAP).
FIM is not designed to send changes the other direction (openLDAP->AD).
Frank C. Drewes III - Architect - Oxford Computer Group
-
June 11, 2012 5:06
Thanks for the reply.
I configured sync AD --> OpenLDAP but got an error.
Here is my config:
+ topology
AD --> FIM ---> Openldap (I use openldap for windows)
domain: abc.com
Domain Controller: AD-demo.abc.com
FIM: Fim-Demo.abc.com
Openldap: Openldap-demo
+ Config on Active Directory
Install and configure PCNS, set SPN
+ Config On FIM
- Create MA ADDS is "Active Directory"
- Create MA OpenldapXMA is "FIMDemo"
- Enable Password Sync
- Import and sync succeed
+ Error
------- After changing the password for a user in AD, event log on AD
Event ID: 2201
The password notification was received from the filter.
Tracking ID: 6f641584-2a89-4df1-976f-4c8f9cbc8198
User GUID: d3bc86a0-4771-48c0-ad05-10e0ce6da374
User: abc\biennh
Targets: FIMDemo
Event ID: 2302
The following notification has been sent.
Thread ID: 4824
Tracking ID: 6f641584-2a89-4df1-976f-4c8f9cbc8198
User GUID: d3bc86a0-4771-48c0-ad05-10e0ce6da374
User: abc\biennh
Target: FIMDemo
Event ID: 2100
The password notification has been delivered to all targets.
Tracking ID: 6f641584-2a89-4df1-976f-4c8f9cbc8198
User GUID: d3bc86a0-4771-48c0-ad05-10e0ce6da374
User: abc\biennh
Targets: FIMDemo
------- Event log on FIM
Event ID: 6913
The password notification caller has successfully authenticated to be a Domain Controller of the following domain:
Domain: abc.com
Server: AD-demo
Event ID: 6903
A password notification was received from a Password Change Notification Service.
Additional information:
Reference ID: {6F641584-2A89-4DF1-976F-4C8F9CBC8198}
Password Last Change Time: 2012-06-11 02:25:04.639
Source Object GUID: {D3BC86A0-4771-48C0-AD05-10E0CE6DA374}
Delivery Attempt: 1
Source User Name: abc\biennh
Server: AD-demo
Event ID: 6907
A password notification was successfully staged for synchronization.
Additional information:
Reference ID: {6F641584-2A89-4DF1-976F-4C8F9CBC8198}
Target Object GUID: {60E5DC74-727D-40BA-88D0-3D02203F0EB5}
Target MA Name: FIMDemo
Target DN: cn=biennh,ou=FIM,dc=abc,dc=com
---------- And here is my error
Event ID: 6901
A password synchronization set operation has failed in a target connected data source.
Additional information:
Tracking ID: {408484BC-2E9C-4D1C-9C16-11E96A831ADC}
Reference ID: {6F641584-2A89-4DF1-976F-4C8F9CBC8198}
Target Object GUID: {60E5DC74-727D-40BA-88D0-3D02203F0EB5}
Target DN: cn=biennh,ou=FIM,dc=abc,dc=com
Target MA Name: FIMDemo
Retry Count: 1
ErrorCode: 0x80230735
ErrorString: (The target server is down.)
On the FIM server, I tested connecting to AD-Demo and Openldap-Demo and this is OK.
So how do I debug the connection to the "target server"?
Thanks
-
June 13, 2012 6:17
From the logs, it looks like everything is fine up until the MA tries to do a password change on the user.
I've never used that exact MA, but if it's the one I found online, it says it supports password resets. You might post on the MA's support forum and see if the error code has a known solution.
Frank C. Drewes III - Architect - Oxford Computer Group
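
The reading of the logs in the reply above (everything succeeds until the MA attempts the password set) can be reproduced by correlating the DC and FIM events on their shared ID. This is an added example, not part of the original thread; the function names are illustrative, and the sample text is constructed by condensing the log lines posted above.

```python
import re

# Constructed sample: condensed from the log lines posted in this thread,
# including one place where two events were pasted fused onto one line.
SAMPLE = """Event ID: 2201
Tracking ID: 6f641584-2a89-4df1-976f-4c8f9cbc8198
Targets: FIMDemoEvent ID: 6907
Reference ID: {6F641584-2A89-4DF1-976F-4C8F9CBC8198}
Target MA Name: FIMDemo
Event ID: 6901
Tracking ID: {408484BC-2E9C-4D1C-9C16-11E96A831ADC}
Reference ID: {6F641584-2A89-4DF1-976F-4C8F9CBC8198}
ErrorCode: 0x80230735
ErrorString: (The target server is down.)
"""

# Event IDs and meanings as they read in the quoted logs.
STAGES = {
    2201: "DC: PCNS received notification from the filter",
    2302: "DC: PCNS sent notification to target",
    2100: "DC: notification delivered to all targets",
    6903: "FIM: notification received from PCNS",
    6907: "FIM: notification staged for synchronization",
    6901: "FIM: password set failed in target connected data source",
}

def norm(guid):
    # DC events print bare lowercase GUIDs, FIM events braced uppercase ones.
    return guid.strip("{} ").lower()

def parse_events(text):
    """Split on 'Event ID:' even when it is fused onto the previous line."""
    events = []
    for chunk in re.split(r"(?=Event ID:[ \t]*\d+)", text):
        m = re.match(r"Event ID:[ \t]*(\d+)", chunk)
        if not m:
            continue
        fields = dict(re.findall(r"^([A-Za-z ]+):[ \t]*(\S.*)$", chunk, re.M))
        # FIM's Reference ID carries the DC's Tracking ID; prefer it when present.
        key = fields.get("Reference ID") or fields.get("Tracking ID")
        events.append({"id": int(m.group(1)), "ref": norm(key) if key else None, "fields": fields})
    return events

def trace(text, ref):
    """Return (ordered stages, first failing event or None) for one password change."""
    chain = [e for e in parse_events(text) if e["ref"] == norm(ref)]
    failed = next((e for e in chain if e["id"] == 6901), None)
    return [(e["id"], STAGES.get(e["id"], "unknown")) for e in chain], failed
```

Calling `trace(SAMPLE, "6f641584-2a89-4df1-976f-4c8f9cbc8198")` shows the notification passing the DC and FIM staging events and stopping at 6901, whose fields carry the ErrorCode and ErrorString to take to the MA's support forum.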

