How can I create the id=passsync,cn=sysaccounts,cn=etc,dc=example,dc=com
account without creating a replication agreement.
I do not want to replicate accounts between AD and ipa, but I do want password
changes on AD to be sent to ipa.
Is this possible?
# ldapmodify -D "cn=directory manager" -w secret -p 389 -h
ipaserver.example.com -x -a
As for how well this will work, I'm not sure. You'll also need to add
this to the pass sync managers entry ala
I forget the details on how the PassSync service links the AD entry to
the 389-ds entry. You may need to add additional attributes to IPA for
each user you want to keep synchronized.
Freeipa-users mailing list