Hello FreeIPA Users,
I am trying to make working a sync between my AD win 2008 R2 and FreeIPA
(fedora 20) server.
My goal is to retrieve all my AD users in freeIPA database.
1. With "ipa-replica-manage connect --winsync ...", I succeeded to copy
users from AD to FreeIPA (via the sync agreement)
But passwords have not been sync. I had to reinit password in IPA to
enable user login in the freeipa domain.
Is it a normal issue ? Is there any way to sync password ?
2. I tried then to sync posix attributes (from my AD which has
"Subsystem for UNIX-based Applications") into the freeIPA server with
activating the posix winsync plugin
I would like to extract attributes from my AD like :
- uidNumber
- gidNumber
- unixHomeDirectory
- loginShell
- msSFU30NisDomain
With posix winsync activated, the sync do not work at all... no AD users
sync.
What is missing to enable it ? I follow the documentation here
http://www.port389.org/docs/389ds/design/winsync-posix.html
And enable the plugin this way :
ldapmodify -D "cn=directory manager" -w xxxxx
dn: cn=Posix Winsync API,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
Ed
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
