On Tue, 2012-10-23 at 13:13 -0400, Dmitri Pal wrote: > On 10/23/2012 12:47 PM, Simo Sorce wrote: > > On Tue, 2012-10-23 at 12:16 -0400, Dmitri Pal wrote: > >> On 10/23/2012 07:50 AM, George Machitidze wrote: > >>> Hi > >>> > >>> I'm testing MS AD integration, following document contents > >>> http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/managing-sync-agmt.html > >>> > >>> For 8.4.2. (Creating Synchronization Agreements) we've got "--passsync > >>> secretpwd", but nowhere's said if user has to be created on MS AD > >>> side, or if any package has to be installed. > >> It is implied that this is the password of the administrative user that > >> you already have on the AD side. > > Nope, the password provided with that switch is used to create a special > > sysaccount user named 'passsync' in IPA. > > the DN of the user is: uid=passsync,cn=sysaccount,cn=etc,$suffix > > > > This user is used by the Windows Passsync plugin installed on AD domain > > controllers. So this password is what you need to use when configuring > > the Passync plugin together with the above dn template. > > > > Simo. > > > Then we should update our docs.
Yes we should clarify our manpage by making it say: "Password for the IPA system user used by the Windows Passync plugin to synchronize passwords" Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users