On 17.4.2014 16:16, Rob Crittenden wrote:
Will Last wrote:

I have got a freeipa server (pa-server-3.0.0-37) running on centos 6.5
and am trying to set up sync with/to AD on win 2008/R2, basically

The sync agreement is bi-directional by default. But only AD users are
sync'ed to freeipa and none of the users on freeipa is sync'ed to ad,
which is what I really cared for. Even a re-initialization from AD won't
help (ipa-replica-manage re-initialize --from ad.example.com).
I have turned debugging on
(nsslapd-errorlog-level to 8192), but did not see any obvious clue.

Thanks in advance for any help!

This is working as designed. IPA-only users are not synced to AD. The
bidirectional part is that changes to an AD user synced to IPA on the IPA side
will be synced back to AD.

Maybe you will be more interested in

Let us know if you have any questions!

Petr^2 Spacek

