8><------

It cannot be a wildcard:
             if (strcasecmp(krbcfg->passsync_mgrs[i], bindDN) == 0) {
                 pwdata.changetype = IPA_CHANGETYPE_DSMGR;
                 break;
             }
but it is multivalued.

8><----------

This is over my head

8><----------

What exactly are you trying to do?  Defeat password sync for

uid=*,cn=staff,cn=accounts,dc=etc ?  Because I don't think passSyncManagersDNs 
is what you want for that, unless I'm mistaken.

8><--------

Ok,  so at present when I setup a new user with a temp password in IPA and give 
it to the user they have to set a new one on first login to a client.

Once password(s) flow through from AD I don't want the reset password feature 
in IPA to be functional when a user "first" logs in.

regards


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to