Hello, The goal was that I wanted to just have passwords in sync, leaving attributes and what not to windows but mostly to protect from accidental deletes in IPA being carried out in the active directory. I've removed the onewaysync attribute and worked around it with limiting the permissions for the user handling the replication.
Thanks! Andreas On 29 Apr 2016 5:49 p.m., Rich Megginson <rmegg...@redhat.com> wrote: > > On 04/29/2016 09:44 AM, Rob Crittenden wrote: > > Andreas Calminder wrote: > >> Hello, > >> > >> I'm running ipa 4.2.0-15.el7 with winsync and wondering if setting > >> oneWaySync to fromWindows will affect password synchronization from IPA > >> to AD, I.E password changes from IPA will not be replicated to Windows? > >> > > > > Hmm, interesting question, I'm not sure. What is your goal here? Do > > you want to disallow attribute changes in IPA to be replicated but you > > DO want passwords, or you don't want anything? > > > > ccing Rich to see what he thinks. > > AFAIK, there is no way to sync only passwords from IPA to AD. So if you > set oneWaySync: fromWindows, you will not sync password changes from IPA > to AD. > > > > > rob > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project