I have been strugling with FreeIPA and AD password sync for a couple of
days now. At first everything was working fine, but then all of a sudden
the synchronization started to fail for me and another user.
The error in passsync log was
Ldap error in ModifyPassword
> 50: Insufficient access
It took me some time to figure out that it was failing just for the two us.
It was failing because we were in the admin user group in FreeIPA. Is this
intentional? Is it possible to somehow change this behaviour with a
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project