Rob Crittenden wrote:
Jan Cholasta wrote:
this patch fixes <https://fedorahosted.org/freeipa/ticket/3208>.
There are two typos, PasSync with only 2 s's.
I think there should be a separate section on PassSync explaining what
the service is and passwords are modified. There is some information on
this in the ticket. It doesn't need to be very long.
I had something like this in mind:
diff --git a/install/tools/man/ipa-replica-manage.1
index b1704c0..4e4bfa9 100644
@@ -176,6 +176,10 @@ Create a winsync replication agreement:
Remove a winsync replication agreement:
# ipa\-replica\-manage disconnect windows.ad.example.com
+PassSync is a Windows service that runs on AD Domain Controllers to
intercept password changes. It sends these password changes to the IPA
LDAP server over TLS. These password changes bypass normal IPA password
policy settings and the password is not set to immediately expire. This
is because by the time IPA receives the password change it has already
been accepted by AD so it is too late to reject it.
+IPA maintains a list of DNs that are excempt from password policy. A
er is added automatically when a winsync replication agreement is
created. The DN of this user is added to the excemption list stored in
passSyncManagersDNs in tne entry cn=ipa_pwd_extop,cn=plugins,cn=config.
.SH "EXIT STATUS"
0 if the command was successful
Freeipa-devel mailing list