Chapter 10. Installing, updating, and uninstalling the password synchronization service
To synchronize passwords between Active Directory and Red Hat Directory Server, you use the password synchronization service. You can install, update, and remove the password synchronization service.
10.1. The password synchronization service
When you set up password synchronization with Active Directory, Directory Server retrieves all attributes of user objects except the password. Active Directory stores only encrypted passwords, but Directory Server uses different encryption. As a result, Active Directory users' passwords must be encrypted by Directory Server.
To enable password synchronization between Active Directory and Directory Server, the Red Hat Directory Password Sync service hooks into the Windows password changing routine of a domain controller (DC). If a user or administrator sets or updates a password, the service retrieves the password in plain text before it is encrypted and stored in Active Directory. This process enables Red Hat Directory Password Sync to send the plain text password to Directory Server. To protect the password, the service supports only LDAPS connections to Directory Server. When Directory Server stores the password in the user’s entry, the password is automatically encrypted with the password storage scheme configured in Directory Server.
In Active Directory, all writable DCs can process password actions. Therefore, you must install Red Hat Directory Password Sync on every writable DC in the Active Directory domain.
10.2. Downloading the password synchronization service installer
To install the Red Hat Directory Password Sync service, download the installer from the Customer Portal.
Prerequisites
- You have a valid Red Hat Directory Server subscription.
- You have an account on the Red Hat Customer Portal.
Procedure
- Go to the Red Hat Directory Server download page.
- Select PassSync Installer for RHDS 11 and 12 from the list and click the Download Now button.
  NOTE: The PassSync package is deprecated starting with Red Hat Directory Server 12.6.
- Copy the installer to every writable Active Directory domain controller (DC).
10.3. Installing the password synchronization service
This section describes how to install the Red Hat Directory Password Sync on Windows domain controllers (DC). Perform this procedure on every writable Windows DC.
Prerequisites
- You downloaded the latest version of the PassSync Installer to the Windows Active Directory domain controller (DC).
- You enabled TLS encryption in Directory Server.
- You prepared the Active Directory domain.
- You created an account for synchronization in Directory Server.
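Because the service sends plain text passwords only over LDAPS, it is worth confirming from the DC what the Directory Server port actually presents before you run the installer. The following PowerShell is an added example, not Red Hat code; `ds.example.com` is a placeholder host, 636 is the standard LDAPS port, and `Test-LdapsEndpoint` is a hypothetical helper name.

```powershell
# Added example (not Red Hat code): inspect the LDAPS endpoint from the DC.
function Test-LdapsEndpoint {
    param(
        [Parameter(Mandatory)][string]$HostName,   # value for the "Host Name" field
        [int]$Port = 636                           # value for the "Port Number" field
    )
    $state = @{ PolicyErrors = $null }
    # Record validation errors instead of aborting, so a report is always produced.
    # PolicyErrors is evaluated against the Windows certificate store on this DC.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($s, $certificate, $chain, $errors)
        $state.PolicyErrors = $errors
        $true
    }
    $client = [System.Net.Sockets.TcpClient]::new()
    $ssl = $null
    try {
        $client.Connect($HostName, $Port)
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
        # Throws if the port does not speak TLS (for example, a plain LDAP port).
        $ssl.AuthenticateAsClient($HostName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
            $ssl.RemoteCertificate)
        [pscustomobject]@{
            Endpoint     = "${HostName}:$Port"
            Protocol     = $ssl.SslProtocol
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            DaysLeft     = [int]($cert.NotAfter - (Get-Date)).TotalDays
            PolicyErrors = $state.PolicyErrors   # None, or e.g. RemoteCertificateNameMismatch
        }
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Dispose()
    }
}

# Placeholder host name; replace with your Directory Server host.
Test-LdapsEndpoint -HostName 'ds.example.com' | Format-List
```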
Procedure
- Log in to the Active Directory DC with a user that has permissions to install software on the DC.
- Double-click the RedHat-PassSync-ds12.*-x86_64.msi file to install it.
- The Red Hat Directory Password Sync Setup appears. Click .
- Fill in the fields according to your Directory Server environment, using the following information about the Directory Server host:
  - Host Name: Sets the name of the Directory Server host. Alternatively, you can set the field to the IPv4 or IPv6 address of the Directory Server host.
  - Port Number: Sets the LDAPS port number.
  - User Name: Sets the distinguished name (DN) of the synchronization user account.
  - Password: Sets the password of the synchronization user.
  - Cert Token: Sets the password of the server certificate copied from the Directory Server host.
  - Search Base: Sets the DN of the Directory Server entry that contains the synchronized user accounts.
- Click to start the installation.
- Click .
- Reboot the Windows DC.
  Important: Without rebooting the DC, the PasswordHook.dll library is not enabled and password synchronization fails.
- Enable replication in Directory Server and create a WinSync agreement.
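A password changed on a writable DC that lacks the service, or that has not been rebooted since installation, is not sent to Directory Server, so it helps to audit coverage after the rollout. The following PowerShell is an added example, not Red Hat code; it assumes the ActiveDirectory module, PowerShell remoting to each DC, and that the MSI's DisplayName in the Windows Uninstall registry starts with the Control Panel entry name.

```powershell
# Added example (not Red Hat code): audit Password Sync coverage on writable DCs.
Import-Module ActiveDirectory

# Control Panel entry name from this page; assumed to prefix the MSI's DisplayName.
$productName = 'Red Hat Directory Password Sync'

# Read-only DCs are skipped: the service is required on writable DCs only.
$writableDCs = Get-ADDomainController -Filter * | Where-Object { -not $_.IsReadOnly }

$check = {
    param($name)
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $pkg = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like "$name*" } | Select-Object -First 1
    $boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
    [pscustomobject]@{
        Installed   = [bool]$pkg
        Version     = $pkg.DisplayVersion
        # MSI InstallDate is yyyyMMdd: a boot date before it means no reboot since
        # install. Same-day installs cannot be told apart at this granularity.
        NeedsReboot = [bool]($pkg -and $pkg.InstallDate -and
                             ($boot.ToString('yyyyMMdd') -lt $pkg.InstallDate))
        Error       = $null
    }
}

$report = foreach ($dc in $writableDCs) {
    try {
        $r = Invoke-Command -ComputerName $dc.HostName -ScriptBlock $check -ArgumentList $productName -ErrorAction Stop
    } catch {
        # An unreachable DC is reported as unknown, not silently dropped.
        $r = [pscustomobject]@{ Installed = $null; Version = $null
                                NeedsReboot = $null; Error = $_.Exception.Message }
    }
    $r | Select-Object @{ n = 'DC'; e = { $dc.HostName } }, Installed, Version, NeedsReboot, Error
}

$report | Sort-Object DC | Format-Table -AutoSize
$gaps = @($report | Where-Object { $_.Installed -ne $true -or $_.NeedsReboot })
"{0} of {1} writable DCs need attention" -f $gaps.Count, @($report).Count
```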
10.4. Updating the password synchronization service
This section describes how to update an existing Red Hat Directory Password Sync installation on a Windows domain controller (DC).
Perform this procedure on every writable Windows DC.
Prerequisites
- Red Hat Directory Password Sync is running on your Windows DC.
- You downloaded the latest version of the PassSync Installer to the Windows Active Directory DC.
Procedure
- Log in to the Active Directory domain controller with a user that has permissions to install software on the DC.
- Double-click the RedHat-PassSync-ds12.*-x86_64.msi file.
- Click to begin installing.
- Click the button.
- The setup displays the configuration set during the previous installation. Click to keep the existing settings.
- Click to start the installation.
- Click .
- Reboot the Windows DC.
  Important: Without rebooting the DC, the PasswordHook.dll library is not enabled and password synchronization will fail.
10.5. Uninstalling the password synchronization service
If you no longer require the Red Hat Directory Password Sync service, remove it from the Active Directory domain controller (DC).
Prerequisites
- Red Hat Directory Password Sync is installed on the Windows DC.
Procedure
- Log in to the Active Directory domain controller with a user that has permissions to remove software from the DC.
- Open the Control Panel.
- Click and then
- Select the Red Hat Directory Password Sync entry, and click the button.
- Click to confirm.