Red Hat Directory Server 8.0 Administrator's Guide

Figure 19.2. Multi-Master Directory Server - Windows Domain Synchronization
Directory Server passwords are synchronized along with other entry attributes because plain-text passwords are retained in the Directory Server changelog. The Password Sync Service is needed to catch password changes made on Active Directory. Without the Password Sync Service, it would be impossible to have Windows passwords synchronized because passwords are hashed in Active Directory, and the Windows hashing function is incompatible with the one used by Directory Server.
2. Configuring Windows Sync
2.1. Step 1: Configure SSL on Directory Server
To configure the Directory Server to run in SSL, see Chapter 11, Managing SSL. To configure SSL on Active Directory, see the appropriate user documentation.
Use the certutil utility to create self-signed certificates or obtain and install certificates to enable SSL; for more information, see Section 3, “Using certutil”.
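The certutil sequence behind this step, as an added example that is not part of the guide: create the NSS certificate database for the Directory Server instance, issue a self-signed CA certificate and a server certificate signed by it, and export the CA certificate in ASCII form so the same CA can be installed on the Active Directory sync peer. The database directory, hostname, certificate nicknames, subjects and the database password are assumed values.

```shell
#!/bin/sh
# Example, not from the Red Hat guide: build the Directory Server NSS database
# with certutil (nss-tools) and export the shared CA certificate for Active Directory.
set -eu

# setup_ds_certs DBDIR HOSTNAME
#   DBDIR    directory for the NSS cert/key databases (assumed value)
#   HOSTNAME the name clients use for LDAPS; becomes the server cert CN (assumed)
# Writes DBDIR/cacert.asc, the CA certificate to import on the Active Directory side.
setup_ds_certs() {
  dbdir=$1; host=$2
  command -v certutil >/dev/null 2>&1 || { echo "certutil (nss-tools) not installed" >&2; return 2; }
  mkdir -p "$dbdir"
  # Key database password (constructed sample; use a strong, protected value in practice)
  printf 'example-db-password\n' > "$dbdir/pwdfile.txt"
  chmod 600 "$dbdir/pwdfile.txt"
  # Seed material so certutil does not prompt for keyboard entropy
  head -c 1024 /dev/urandom > "$dbdir/noise.bin"

  # 1. Create empty certificate and key databases
  certutil -N -d "$dbdir" -f "$dbdir/pwdfile.txt"

  # 2. Self-signed CA certificate, trusted to issue server certs ("CT,,").
  #    -2 asks three basic-constraints questions: CA? (y), path length (skip), critical? (y)
  printf 'y\n\ny\n' | certutil -S -n "CA certificate" -s "cn=Example CA,o=Example" \
      -x -t "CT,," -m 1000 -v 120 -k rsa -g 2048 -2 \
      -d "$dbdir" -f "$dbdir/pwdfile.txt" -z "$dbdir/noise.bin" >/dev/null

  # 3. Server certificate signed by that CA; the CN must match the LDAPS hostname
  certutil -S -n "Server-Cert" -s "cn=$host" -c "CA certificate" -t "u,u,u" \
      -m 1001 -v 120 -k rsa -g 2048 \
      -d "$dbdir" -f "$dbdir/pwdfile.txt" -z "$dbdir/noise.bin"

  # 4. Export the CA certificate (ASCII/PEM) for installation on the Active Directory peer
  certutil -L -d "$dbdir" -n "CA certificate" -a > "$dbdir/cacert.asc"
  rm -f "$dbdir/noise.bin"
  echo "$dbdir/cacert.asc"
}

# Usage: sh setup-ds-certs.sh /etc/dirsrv/slapd-example ldap.example.com
if [ "$#" -eq 2 ]; then
  setup_ds_certs "$1" "$2"
fi
```

Only the CA certificate is exported; the server key stays in the NSS database, which the Directory Server instance reads with the password file.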
The following certificates must be issued and installed on both the Directory Server and the Active Directory sync peer:
CA certificate, shared between the Directory Server and Active Directory
Chapter 19. Synchronizing Red Hat Directory Server with Microsoft Active Directory