On 06/10/2016 01:59 AM, Joshua J. Kugler wrote:
> Howdy!
>
> We are trying to set up password sync. I have read this:
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Windows_Integration_Guide/index.html#password-sync
>
> I have added that attribute:
> echo -e 'dn: cn=ipa_pwd_extop,cn=plugins,cn=config\nchangetype: modify\nadd: passSyncManagersDNs\npassSyncManagersDNs: uid=admin,cn=users,cn=accounts,dc=example,dc=com' |
>   ldapmodify -x -D 'cn=Directory Manager' -w {{ ipaserver_dir_admin_password }} -h localhost -p 389
>
> However, when I reset a password as the 'admin' user, the user's password is
> still set to expired. This is CentOS 7 with the latest FreeIPA there.
>
> What might I be missing?

I would try to double check that the passSyncManagersDNs is indeed filled properly in the plugin configuration. Base ldapsearch will help.

Then I would also recommend checking your global password policy "ipa pwpolicy-show" to make sure that you, for example, do not have the password max life set to 0, which would cause this behavior in the current FreeIPA version.

Martin
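
The two checks suggested in the reply above, as an added example that is not part of the original thread or of FreeIPA itself: it evaluates saved `ldapsearch` and `ipa pwpolicy-show` output, including the case where LDIF line folding splits the DN. The function names, the sample output and the `Max lifetime (days):` label are assumptions made for this example.

```shell
#!/bin/bash
# Added example: checks run over saved command output. Capture it with e.g.
#   ldapsearch -x -D 'cn=Directory Manager' -W -h localhost -p 389 -s base \
#     -b 'cn=ipa_pwd_extop,cn=plugins,cn=config' passSyncManagersDNs
#   ipa pwpolicy-show

# Join LDIF continuation lines: a line starting with one space continues the
# previous line, so a long DN can be split mid-value in ldapsearch output.
unfold_ldif() {
  awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
       NR > 1 { print buf }
       { buf = $0 }
       END { if (NR) print buf }'
}

# Lowercase and drop spaces after commas so equivalent DN spellings compare equal.
normalize_dn() {
  tr '[:upper:]' '[:lower:]' | sed 's/, */,/g'
}

# Succeeds if DN $1 is a passSyncManagersDNs value in the LDIF on stdin.
has_passsync_manager() {
  want_dn=$(printf '%s\n' "$1" | normalize_dn)
  unfold_ldif | normalize_dn | sed -n 's/^passsyncmanagersdns: *//p' |
    grep -Fxq -- "$want_dn"
}

# Prints the max password lifetime in days from pwpolicy output on stdin.
max_lifetime_days() {
  sed -n 's/^ *Max lifetime (days): *\([0-9][0-9]*\) *$/\1/p'
}

# Constructed sample: plugin entry with the DN folded across two lines.
SAMPLE_LDIF='dn: cn=ipa_pwd_extop,cn=plugins,cn=config
passSyncManagersDNs: uid=admin,cn=users,cn=accounts,dc=exam
 ple,dc=com'
# Constructed sample: policy output with the max lifetime set to 0.
SAMPLE_POLICY='  Group: global_policy
  Max lifetime (days): 0
  Min lifetime (hours): 1'
ADMIN_DN='uid=admin,cn=users,cn=accounts,dc=example,dc=com'

if printf '%s\n' "$SAMPLE_LDIF" | has_passsync_manager "$ADMIN_DN"; then
  echo "OK: $ADMIN_DN is listed in passSyncManagersDNs"
fi
if [ "$(printf '%s\n' "$SAMPLE_POLICY" | max_lifetime_days)" = 0 ]; then
  echo "WARNING: max lifetime is 0 (the case the reply asks to rule out)"
fi
```

A plain `grep` for the full DN on raw `ldapsearch` output misses a folded value like the one in the sample, which is why the entry is unfolded before comparison.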