On Tue, 2012-03-27 at 19:40 -0600, Rich Megginson wrote:
> On 03/27/2012 07:36 PM, Steven Jones wrote:
> > Hi
> >
> > Until we collapse the domains into one we will have a one way sync for 
> > staff only...  I assume because a student does not exist if staff then 
> > there will be no sync....they will simply have a linux/IPA password.
> >
> > I dont need anything to go from IPA to AD, its all AD to IPA or manually 
> > created in IPA which stays there.
> ok - then you can just use the oneWaySync feature of 389.
> >
> > "What exactly are you trying to do?  Defeat password sync for"   -  Turn 
> > off password policy for everyone. Policy will be controlled by AD or 
> > Psync..so the password should come through from AD via passsync with the 
> > complexity we want......
> Not sure how you do that with IPA

passsync uses a user to save passwords in IPA, all you need to do is to
make sure that user is one of the passsync managers. When you do that
password policy is not enforced at all and the password is taken in as
is w/o any check.


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to