Hello FreeIPA Users,

I am trying to make working a sync between my AD win 2008 R2 and FreeIPA (fedora 20) server.
My goal is to retrieve all my AD users in freeIPA database.

1. With "ipa-replica-manage connect --winsync ...", I succeeded to copy users from AD to FreeIPA (via the sync agreement) But passwords have not been sync. I had to reinit password in IPA to enable user login in the freeipa domain.
Is it a normal issue ? Is there any way to sync password ?

2. I tried then to sync posix attributes (from my AD which has "Subsystem for UNIX-based Applications") into the freeIPA server with activating the posix winsync plugin
I would like to extract attributes from my AD like :
- uidNumber
- gidNumber
- unixHomeDirectory
- loginShell
- msSFU30NisDomain

With posix winsync activated, the sync do not work at all... no AD users sync.
What is missing to enable it ? I follow the documentation here
http://www.port389.org/docs/389ds/design/winsync-posix.html

And enable the plugin this way :
ldapmodify -D "cn=directory manager" -w xxxxx
dn: cn=Posix Winsync API,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on

Ed


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to