The goal was that I wanted to just have passwords in sync, leaving attributes 
and what not to windows but mostly to protect from accidental deletes in IPA 
being carried out in the active directory. I've removed the onewaysync 
attribute and worked around it with limiting the permissions for the user 
handling the replication.


On 29 Apr 2016 5:49 p.m., Rich Megginson <rmegg...@redhat.com> wrote:
> On 04/29/2016 09:44 AM, Rob Crittenden wrote:
> > Andreas Calminder wrote:
> >> Hello,
> >>
> >> I'm running ipa 4.2.0-15.el7 with winsync and wondering if setting
> >> oneWaySync to fromWindows will affect password synchronization from IPA
> >> to AD, I.E password changes from IPA will not be replicated to Windows?
> >>
> >
> > Hmm, interesting question, I'm not sure. What is your goal here? Do 
> > you want to disallow attribute changes in IPA to be replicated but you 
> > DO want passwords, or you don't want anything?
> >
> > ccing Rich to see what he thinks.
> AFAIK, there is no way to sync only passwords from IPA to AD.  So if you 
> set oneWaySync: fromWindows, you will not sync password changes from IPA 
> to AD.
> >
> > rob

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to