Will Last wrote:
Hi,

I have got a freeipa server (pa-server-3.0.0-37) running on centos 6.5
and am trying to set up sync with/to AD on win 2008/R2, basically
following
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/active-directory.html.
The sync agreement is bi-directional by default. But only AD users are
sync'ed to freeipa and none of the users on freeipa is sync'ed to ad,
which is what I really cared for. Even a re-initialization from AD won't
help (ipa-replica-manage re-initialize --from ad.example.com
<http://ad.example.com> ). I have turned debugging on
(nsslapd-errorlog-level to 8192), but did not see any obvious clue.

Thanks in advance for any help!

This is working as designed. IPA-only users are not synced to AD. The bidirectional part is that changes to an AD user synced to IPA on the IPA side will be synced back to AD.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to