Thanks. In a case of extreme PEBKAC, I had copied the example and failed to update the DN. It works now.
j

On Monday, June 13, 2016 09:35:53 Martin Kosek wrote:
> On 06/10/2016 01:59 AM, Joshua J. Kugler wrote:
> > Howdy!
> >
> > We are trying to set up password sync. I have read this:
> >
> > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Windows_Integration_Guide/index.html#password-sync
> >
> > I have added that attribute:
> > echo -e 'dn: cn=ipa_pwd_extop,cn=plugins,cn=config\nchangetype: modify\nadd: passSyncManagersDNs\npassSyncManagersDNs: uid=admin,cn=users,cn=accounts,dc=example,dc=com' | ldapmodify -x -D 'cn=Directory Manager' -w {{ ipaserver_dir_admin_password }} -h localhost -p 389
> >
> > However, when I reset a password as the 'admin' user, the user's password
> > is still set to expired. This is CentOS 7 with the latest FreeIPA there.
> >
> > What might I be missing?
>
> I would try to double check that the passSyncManagersDNs is indeed filled
> properly in the plugin configuration. Base ldapsearch will help.
>
> Then I would also recommend checking your global password policy "ipa
> pwpolicy-show" to make sure that you for example do not have the password
> max life set to 0, which would cause this behavior in current FreeIPA
> version.
>
> Martin

--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
[email protected] - Jabber: [email protected]
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A
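The check suggested in the thread (a base ldapsearch on the plugin entry) and the mistake that was found (the documentation's example DN left unchanged) can be scripted. This is an added example, not part of the thread or of FreeIPA: `check_passsync_dns` and `norm_dn` are hypothetical helper names, the LDIF sample is constructed, and `dc=corp,dc=test` stands in for the deployment's real suffix.

```shell
#!/bin/sh
# Added example, not from the thread. On a live server the input would come from:
#   ldapsearch -x -LLL -D 'cn=Directory Manager' -W -h localhost -p 389 -s base \
#     -b 'cn=ipa_pwd_extop,cn=plugins,cn=config' passSyncManagersDNs

# Constructed sample: the doc's example suffix left in place, folded as LDIF folds it.
SAMPLE_STALE='dn: cn=ipa_pwd_extop,cn=plugins,cn=config
passSyncManagersDNs: uid=admin,cn=users,cn=accounts,dc=exa
 mple,dc=com'

# Normalise a DN for comparison: lower-case, no spaces around commas.
norm_dn() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/ *, */,/g'
}

# check_passsync_dns SUFFIX  (hypothetical helper; reads LDIF on stdin)
# Returns 0 if every passSyncManagersDNs value is under SUFFIX,
# 1 if any value is outside it, 2 if the attribute is not set at all.
check_passsync_dns() {
    suffix=$(norm_dn "$1")
    # Unfold continuation lines (leading space), then keep only our attribute.
    values=$(awk '/^ / { buf = buf substr($0, 2); next }
                  { if (buf != "") print buf; buf = $0 }
                  END { if (buf != "") print buf }' |
             grep -i '^passSyncManagersDNs:' || true)
    [ -n "$values" ] || { echo "passSyncManagersDNs is not set" >&2; return 2; }
    rc=0
    while IFS= read -r line; do
        val=${line#*:}
        case $val in
            :*) val=$(printf '%s' "${val#:}" | tr -d ' ' | base64 -d) ;;  # "::" = base64
        esac
        val=$(norm_dn "${val# }")
        case $val in
            *",$suffix") echo "ok: $val" ;;
            *) echo "MISMATCH: $val is not under $suffix"; rc=1 ;;
        esac
    done <<EOF
$values
EOF
    return "$rc"
}

# Demo on the constructed sample; dc=corp,dc=test stands in for the real suffix.
printf '%s\n' "$SAMPLE_STALE" | check_passsync_dns 'dc=corp,dc=test' || true
```

A return code of 1 is the situation described in the thread: the attribute is present, but the DN points at a suffix that does not exist in this directory, so the admin reset is still treated as an ordinary reset and the password is marked expired.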
