Alexander, thank you for such a quick reply.
The reason im looking at this is that I want to synchronize from AD to several 
FIPA domains, but as you mention it's only1-1 passync option. This results in 
my not being able to synchronize passwords to second idm domain.
Other options I've considered are:1. Run multiple instances of passsync on each 
DC. Both will intercept password change but will send to different ipa replicas 
in different freeipa domains.
>From this link it doesn't seem to be possible however#48174 (RFE: Support for 
>running multiple instances of the PassSync service) – 389 Project

  
|  
|   
|   
|   |    |

   |

  |
|  
|   |  
#48174 (RFE: Support for running multiple instances of the PassSync service...
   |   |

  |

  |

 
2. backing up/copying freeipa database that does have user/pass to second idm 
domainThis is not something I'm looking to do but if there is no other way I'd 
be willing to consider somehow grabbing files from ipa-repplica.domain.comand 
moving to ipa-server.example.net. Is this a route that's even worth looking 
into ?
Any other options that you are aware of to make this setup possible. 
1AD->FIPA1.com                                                                  
                                                             ->FIPA2.comwith 
password replication to both?
thanks

      From: Alexander Bokovoy <aboko...@redhat.com>
 To: pgb205 <pgb...@yahoo.com> 
Cc: Freeipa-users <freeipa-users@redhat.com>
 Sent: Tuesday, May 24, 2016 12:22 PM
 Subject: Re: [Freeipa-users] Forcing passync to periodically sync passwords
   
On Tue, 24 May 2016, pgb205 wrote:
>Currently passync is only triggered one the domain controller where the
>password change is made.Is there a way to trigger passync to run
>periodically and resend information to freeipa even if there are no
>changes?
Passsync implements an interface on AD DC side that is activated only
when AD user changes the password. There is no way to access clear text
password at other time.


-- 
/ Alexander Bokovoy


  
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to