Alexander, thank you for such a quick reply.
The reason I'm looking at this is that I want to synchronize from AD to several
FIPA domains, but as you mention it's only a 1-1 passync option. This results in
my not being able to synchronize passwords to a second idm domain.
Other options I've considered are:
1. Run multiple instances of passsync on each DC. Both will intercept the password
change but will send to different ipa replicas in different freeipa domains.
From this link it doesn't seem to be possible, however: #48174 (RFE: Support for
running multiple instances of the PassSync service) – 389 Project
2. Backing up/copying the freeipa database that does have user/pass to the second idm
domain. This is not something I'm looking to do, but if there is no other way I'd
be willing to consider somehow grabbing files from ipa-repplica.domain.com and
moving to ipa-server.example.net. Is this a route that's even worth looking
into?
Any other options that you are aware of to make this setup possible?
1 AD -> FIPA1.com
     -> FIPA2.com
with password replication to both?
Thanks
From: Alexander Bokovoy <[email protected]>
To: pgb205 <[email protected]>
Cc: Freeipa-users <[email protected]>
Sent: Tuesday, May 24, 2016 12:22 PM
Subject: Re: [Freeipa-users] Forcing passync to periodically sync passwords
On Tue, 24 May 2016, pgb205 wrote:
>Currently passync is only triggered on the domain controller where the
>password change is made. Is there a way to trigger passync to run
>periodically and resend information to freeipa even if there are no
>changes?
Passsync implements an interface on AD DC side that is activated only
when AD user changes the password. There is no way to access clear text
password at other time.
--
/ Alexander Bokovoy