We want to do a one way password sync from AD to IPA for staff but not students 
as they are a different AD domain, 

can we do a one way sync?

Oh wait, also while I can only do one winsync to one AD domain, can I do a 
password sync from 2 ADs to one IPA domain?

7.4.3 talks about every password change wanting a reset.....

So it there a way to disable this for all or some groups of users?  

I assume passSyncManagersDNs: uid=admin,cn=users,cn=accounts,dc=etc

could be,



Since Im setting the password complexity in AD and Psync I assume that I simply 
do not want any policy for most users....but I still will need a global for 
users who are not in AD.


Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 28 March 2012 11:16 a.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] passwd sync

Steven Jones wrote:
> Section 7.4.2 on password sync calls for a download of a
> PassSync.msi...I cannot locate this....so your doc needs updating I think.
> For the 7.4.2 number 4 point 2 I see uid=passync cn=systemaccounts
> cn=etc, then the dc= usual bits
> I assume the two cn='s are "standard"?

It isn't incorrect, if that is what you are asking. cn is a multi-valued

> number 4 point 4 ou=People,dc=example,dc=com is a "standard"?

It is merely an example. I think the default location for AD users is

> So in my case it would simply be ou=People,dc=ods,dc=vuw,dc=ac,dc=nz

You'd want to check with your AD administrator(s).


Freeipa-users mailing list

Reply via email to