On 10/23/2012 12:47 PM, Simo Sorce wrote:
> On Tue, 2012-10-23 at 12:16 -0400, Dmitri Pal wrote:
>> On 10/23/2012 07:50 AM, George Machitidze wrote:
>>> Hi
>>> I'm testing MS AD integration, following document contents
>>> http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/managing-sync-agmt.html
>>> For 8.4.2. (Creating Synchronization Agreements) we've got "--passsync
>>> secretpwd", but nowhere's said if user has to be created on MS AD
>>> side, or if any package has to be installed.
>> It is implied that this is the password of the administrative user that
>> you already have on the AD side.
> Nope, the password provided with that switch is used to create a special
> sysaccount user named 'passsync' in IPA.
> the DN of the user is: uid=passsync,cn=sysaccount,cn=etc,$suffix
> This user is used by the Windows Passsync plugin installed on AD domain
> controllers. So this password is what you need to use when configuring
> the Passync plugin together with the above dn template.
> Simo.
Then we should update our docs.

Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to