We want to do a one way password sync from AD to IPA for staff but not students
as they are a different AD domain,
can we do a one way sync?
Oh wait, also while I can only do one winsync to one AD domain, can I do a
password sync from 2 ADs to one IPA domain?
7.4.3 talks about every password change wanting a reset.....
So it there a way to disable this for all or some groups of users?
I assume passSyncManagersDNs: uid=admin,cn=users,cn=accounts,dc=etc
Since Im setting the password complexity in AD and Psync I assume that I simply
do not want any policy for most users....but I still will need a global for
users who are not in AD.
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 28 March 2012 11:16 a.m.
To: Steven Jones
Subject: Re: [Freeipa-users] passwd sync
Steven Jones wrote:
> Section 7.4.2 on password sync calls for a download of a
> PassSync.msi...I cannot locate this....so your doc needs updating I think.
> For the 7.4.2 number 4 point 2 I see uid=passync cn=systemaccounts
> cn=etc, then the dc= usual bits
> I assume the two cn='s are "standard"?
It isn't incorrect, if that is what you are asking. cn is a multi-valued
> number 4 point 4 ou=People,dc=example,dc=com is a "standard"?
It is merely an example. I think the default location for AD users is
> So in my case it would simply be ou=People,dc=ods,dc=vuw,dc=ac,dc=nz
You'd want to check with your AD administrator(s).
Freeipa-users mailing list