Alexander, thank you for such a quick reply.
The reason im looking at this is that I want to synchronize from AD to several
FIPA domains, but as you mention it's only1-1 passync option. This results in
my not being able to synchronize passwords to second idm domain.
Other options I've considered are:1. Run multiple instances of passsync on each
DC. Both will intercept password change but will send to different ipa replicas
in different freeipa domains.
>From this link it doesn't seem to be possible however#48174 (RFE: Support for
>running multiple instances of the PassSync service) – 389 Project
| | |
#48174 (RFE: Support for running multiple instances of the PassSync service...
2. backing up/copying freeipa database that does have user/pass to second idm
domainThis is not something I'm looking to do but if there is no other way I'd
be willing to consider somehow grabbing files from ipa-repplica.domain.comand
moving to ipa-server.example.net. Is this a route that's even worth looking
Any other options that you are aware of to make this setup possible.
password replication to both?
From: Alexander Bokovoy <aboko...@redhat.com>
To: pgb205 <pgb...@yahoo.com>
Cc: Freeipa-users <firstname.lastname@example.org>
Sent: Tuesday, May 24, 2016 12:22 PM
Subject: Re: [Freeipa-users] Forcing passync to periodically sync passwords
On Tue, 24 May 2016, pgb205 wrote:
>Currently passync is only triggered one the domain controller where the
>password change is made.Is there a way to trigger passync to run
>periodically and resend information to freeipa even if there are no
Passsync implements an interface on AD DC side that is activated only
when AD user changes the password. There is no way to access clear text
password at other time.
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project