On Tue, 2012-10-23 at 13:13 -0400, Dmitri Pal wrote:
> On 10/23/2012 12:47 PM, Simo Sorce wrote:
> > On Tue, 2012-10-23 at 12:16 -0400, Dmitri Pal wrote:
> >> On 10/23/2012 07:50 AM, George Machitidze wrote:
> >>> Hi
> >>>
> >>> I'm testing MS AD integration, following document contents
> >>> http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/managing-sync-agmt.html
> >>>
> >>> For 8.4.2. (Creating Synchronization Agreements) we've got "--passsync
> >>> secretpwd", but nowhere's said if user has to be created on MS AD
> >>> side, or if any package has to be installed.
> >> It is implied that this is the password of the administrative user that
> >> you already have on the AD side.
> > Nope, the password provided with that switch is used to create a special
> > sysaccount user named 'passsync' in IPA.
> > the DN of the user is: uid=passsync,cn=sysaccount,cn=etc,$suffix
> >
> > This user is used by the Windows Passsync plugin installed on AD domain
> > controllers. So this password is what you need to use when configuring
> > the Passync plugin together with the above dn template.
> >
> > Simo.
> >
> Then we should update our docs.

Yes we should clarify our manpage by making it say:
"Password for the IPA system user used by the Windows Passync plugin to
synchronize passwords"

Simo.


-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to