Installing the Password Sync Service
Passwords can only be synchronized if both the Directory Server and Windows server are running
with SSL enabled, the sync agreement is configured over an SSL connection, and certificate
databases are configured for Password Sync to access.
1. Download the PassSync.msi file from the appropriate Directory Server channel in Red Hat
Network and save it to the Active Directory machine.
IMPORTANT
Although the Password Sync packages are listed in every Directory Server channel
in Red Hat Network (Solaris, Red Hat Enterprise Linux 32-bit and Red Hat Enterprise
Linux 64-bit), Password Sync is only supported on 32-bit Windows machines.
2. Double-click on the PassSync.msi file to install it.
3. The Password Sync Setup window appears. Hit Next to begin installing.
4. Fill in the Directory Server hostname, secure port number, user name (such as
cn=sync manager,cn=config), the certificate token (password), and the search base (e.g.,
ou=People,dc=example,dc=com).
Hit Next, then Finish to install Password Sync.
5. Reboot the Windows machine to start Password Sync.
NOTE
The Windows machine must be rebooted. Without a reboot, PasswordHook.dll is not enabled,
and password synchronization will not function.
The first attempt to synchronize passwords, which happens when the Password Sync application
is installed, will always fail because the SSL connection between the Directory Server and Active
Directory sync peers has not yet been configured. The tools to create the certificate and key
databases are installed with the .msi.
6. Next, set up certificates that Password Sync uses to access the Directory Server over SSL.
SSL is required for Password Sync to send passwords to Directory Server. The service will not
send the passwords except over SSL to protect the clear text password sent from the Active
Directory machine to the Directory Server machine. This means that Password Sync will not work
until SSL is configured.
7. On the Directory Server, export the server certificate.
cd /usr/lib/dirsrv/slapd-instance_name
certutil -d . -L -n "CA certificate" -a > dsca.crt
8. Copy the exported certificate from the Directory Server to the Windows machine.
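A check for the file produced in step 7, as an added example that is not part of the Red Hat guide: it rejects an empty export and a file carrying private key material or more than one certificate, and prints a SHA-256 fingerprint to record before the copy in step 8 and compare with one computed over the copied file. The function names are hypothetical, and GNU coreutils (base64, sha256sum) are assumed to be available.

```sh
#!/bin/sh
# Added example (not from the Red Hat guide): check a PEM export such as
# dsca.crt before it is copied. Function names are hypothetical.

# Count PEM blocks of type $2 (e.g. CERTIFICATE) in file $1; CRs are ignored.
pem_count() {
    tr -d '\r' < "$1" | grep -c -e "^-----BEGIN $2-----\$" || true
}

# SHA-256 over the decoded certificate bytes, so a CRLF/LF rewrite during the
# transfer does not change the value, while any change to the payload does.
pem_fingerprint() {
    tr -d '\r' < "$1" |
        sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' |
        grep -v '^-----' | base64 -d | sha256sum | cut -d' ' -f1
}

# Succeed (and print the fingerprint) only for a single-certificate export.
check_export() {
    # The shell creates the redirect target before certutil runs, so a failed
    # export can leave an empty file behind.
    [ -s "$1" ] || { echo "empty or missing: $1" >&2; return 1; }
    # Only the public certificate should leave the server.
    if tr -d '\r' < "$1" | grep -q 'PRIVATE KEY-----'; then
        echo "private key material in $1" >&2; return 1
    fi
    # Assumption: the nickname selects exactly one certificate.
    [ "$(pem_count "$1" CERTIFICATE)" -eq 1 ] ||
        { echo "expected exactly one certificate in $1" >&2; return 1; }
    pem_fingerprint "$1"
}

# Constructed sample: PEM framing around placeholder bytes, not a real cert.
sample=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' \
    'Y29uc3RydWN0ZWQgc2FtcGxlLCBub3Qg' 'YSByZWFsIGNlcnRpZmljYXRl' \
    '-----END CERTIFICATE-----' > "$sample"
echo "fingerprint before copy: $(check_export "$sample")"
```

In use, `check_export dsca.crt` replaces the sample at the end; a mismatch between the value recorded on the Directory Server and the value computed over the copy means the file that will anchor trust for the password channel was altered in transit.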