Bob wrote:

How can I create the id=passsync,cn=sysaccounts,cn=etc,dc=example,dc=com
account without creating a replication agreement?

I do not want to replicate accounts between AD and IPA, but I do want password
changes on AD to be sent to IPA.

Is this possible?

# ldapmodify -D "cn=directory manager" -w secret -p 389 -h <ipa-server> -x -a
dn: uid=passsync,cn=sysaccounts,cn=etc,dc=example,dc=com
objectClass: account
objectClass: simplesecurityobject
objectClass: top
uid: passsync
userPassword: secretpassword

(Replace <ipa-server> with the hostname of your IPA directory server; the original command was missing the -h argument. The LDIF entry is read from standard input, and -a puts ldapmodify into add mode.)

As for how well this will work, I'm not sure. You'll also need to add this to the PassSync managers entry, à la

I forget the details on how the PassSync service links the AD entry to the 389-ds entry. You may need to add additional attributes in IPA for each user you want to keep synchronized.
