I solved this and I'll share  my ignorance just in case it helps someone
else:  It wasn't clear to me that passsync needed the search base on the
IPA server rather than the search base for the ad server.  *facepalm*

---------- Forwarded message ----------
From: Nate Marks <npma...@gmail.com>
Date: Fri, Dec 21, 2012 at 9:47 AM
Subject: passync LDAP error in queryusername
To: freeipa-users@redhat.com

32: no such object
deferring password change for newinclude

I'm baffled.  I think I made the search base exactly the same as the  DN I
found in LDP.  Capitalized "OU" and DC.  no spaces.

the ad dn for the search base is

it detected the password change for

Any tips
Freeipa-users mailing list

Reply via email to