On 06/10/2016 01:59 AM, Joshua J. Kugler wrote:
> Howdy!
> We are trying to set up password sync.  I have read this:
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Windows_Integration_Guide/index.html#password-sync
> I have added that attribute:
> echo -e 'dn: cn=ipa_pwd_extop,cn=plugins,cn=config\nchangetype: modify\nadd: 
> passSyncManagersDNs\npassSyncManagersDNs: 
> uid=admin,cn=users,cn=accounts,dc=example,dc=com' | ldapmodify -x -D 
> 'cn=Directory Manager' -w {{ ipaserver_dir_admin_password }} -h localhost -p 
> 389
> However, when I reset a password as the 'admin' user, the user's password is 
> still set to expired.  This is CentOS 7 with the latest FreeIPA there.
> What might I be missing?

I would try to double check that the passSyncManagersDNs is indeed filled
properly in the plugin configuration. Base ldapsearch will help.

Then I would also recommend checking your global password policy "ipa
pwpolicy-show" to make sure that you for example do not have the password max
life set to 0, which would cause this behavior in current FreeIPA version.


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to