Hi,

We want to do a one way password sync from AD to IPA for staff but not students 
as they are a different AD domain, 

can we do a one way sync?

Oh wait, also while I can only do one winsync to one AD domain, can I do a 
password sync from 2 ADs to one IPA domain?

7.4.3 talks about every password change wanting a reset.....

So it there a way to disable this for all or some groups of users?  

I assume passSyncManagersDNs: uid=admin,cn=users,cn=accounts,dc=etc

could be,

 uid=*,cn=staff,cn=accounts,dc=etc......

?

Since Im setting the password complexity in AD and Psync I assume that I simply 
do not want any policy for most users....but I still will need a global for 
users who are not in AD.

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 28 March 2012 11:16 a.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] passwd sync

Steven Jones wrote:
> Section 7.4.2 on password sync calls for a download of a
> PassSync.msi...I cannot locate this....so your doc needs updating I think.
>
> For the 7.4.2 number 4 point 2 I see uid=passync cn=systemaccounts
> cn=etc, then the dc= usual bits
>
> I assume the two cn='s are "standard"?

It isn't incorrect, if that is what you are asking. cn is a multi-valued
attribute.

> number 4 point 4 ou=People,dc=example,dc=com is a "standard"?

It is merely an example. I think the default location for AD users is
ou=Users.

> So in my case it would simply be ou=People,dc=ods,dc=vuw,dc=ac,dc=nz

You'd want to check with your AD administrator(s).

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to