Hi,

On Thu, Jun 9, 2022 at 8:58 AM Ronald Wimmer via FreeIPA-users <[email protected]> wrote:
> On 25.04.22 18:21, Ronald Wimmer via FreeIPA-users wrote:
> > We managed to use IPA users as AIX users in our environment.
> > Preferably, we would like to use users from an AD group directly what
> > does not seem to be possible without SSSD for AIX, right?
> >
> > As an alternative it would be great to synchronize users in a specific
> > AD group to IPA users. I already have a draft of a python script in mind
> > that could do the job.
> >
> > Is there any way to synchronize a user's password from AD?
>
> After doing some research I found out that there are some products on
> the market which are capable of doing that. So, what's the point here?
> What is needed to make that possible?
>
> Could someone with a deeper AD understanding shed a little light into
> this matter?
>

IdM also provides a synchronization feature (between AD and IdM, please refer to
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/active-directory
and more specifically
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/pass-sync
). The synchronization of passwords requires a service to be installed and configured on AD domain controllers. It cannot sync already existing passwords (because they are stored in a hashed form) but is able to capture password addition/changes and synchronize the new password to IdM.

Please note however that the doc states the following:

In some integration scenarios, the user synchronization may be the only available option, but in general, use of the synchronization approach is discouraged in favor of the cross-realm trust-based integration

HTH,
flo

> Cheers,
> Ronald
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
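
A toy model of the point made in the reply above, added here as an example and not code from the thread, the Red Hat documentation or FreeIPA: copying a stored hash to a directory with a different scheme yields nothing usable, while a hook that sees the cleartext at change time lets both sides derive their own verifier. The `Directory` class, the PBKDF2 parameters and the function names are assumptions for illustration, not the real AD or IdM storage formats.

```python
import hashlib
import hmac
import os


class Directory:
    """Toy directory that keeps only a salted one-way verifier per user.
    Constructed model: not the real storage format of AD or IdM."""

    def __init__(self, digest, iterations):
        self.digest, self.iterations = digest, iterations
        self.store = {}  # user -> (salt, verifier)

    def _derive(self, cleartext, salt):
        return hashlib.pbkdf2_hmac(self.digest, cleartext.encode(), salt, self.iterations)

    def set_password(self, user, cleartext):
        salt = os.urandom(16)
        self.store[user] = (salt, self._derive(cleartext, salt))

    def verify(self, user, cleartext):
        if user not in self.store:
            return False
        salt, verifier = self.store[user]
        return hmac.compare_digest(verifier, self._derive(cleartext, salt))


def copy_stored_hash(source, target, user):
    """Attempt to 'sync' an existing password by copying what the source stores."""
    target.store[user] = source.store[user]


def change_password_with_hook(source, target, user, new_cleartext):
    """Password change on the source with a capture hook: the cleartext is
    available at this moment, so each side derives its own verifier."""
    source.set_password(user, new_cleartext)
    target.set_password(user, new_cleartext)


def demo():
    ad = Directory("sha1", 1000)     # hypothetical source scheme
    idm = Directory("sha256", 2000)  # hypothetical target scheme
    ad.set_password("alice", "Old-Passw0rd")      # constructed: set before sync existed
    copy_stored_hash(ad, idm, "alice")
    before = idm.verify("alice", "Old-Passw0rd")  # copied hash does not verify
    change_password_with_hook(ad, idm, "alice", "New-Passw0rd")
    after = ad.verify("alice", "New-Passw0rd") and idm.verify("alice", "New-Passw0rd")
    return before, after
```

Calling `demo()` returns the login result on the target before and after the hooked password change.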
