Thanks. In a case of extreme PEBKAC, I had copied the example and failed to 
update the DN.  It works now.

j


On Monday, June 13, 2016 09:35:53 Martin Kosek wrote:
> On 06/10/2016 01:59 AM, Joshua J. Kugler wrote:
> > Howdy!
> > 
> > We are trying to set up password sync.  I have read this:
> > 
> > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/h
> > tml-single/Windows_Integration_Guide/index.html#password-sync
> > 
> > I have added that attribute:
> > echo -e 'dn: cn=ipa_pwd_extop,cn=plugins,cn=config\nchangetype:
> > modify\nadd: passSyncManagersDNs\npassSyncManagersDNs:
> > uid=admin,cn=users,cn=accounts,dc=example,dc=com' | ldapmodify -x -D
> > 'cn=Directory Manager' -w {{ ipaserver_dir_admin_password }} -h localhost
> > -p 389
> > 
> > However, when I reset a password as the 'admin' user, the user's password
> > is still set to expired.  This is CentOS 7 with the latest FreeIPA there.
> > 
> > What might I be missing?
> 
> I would try to double check that the passSyncManagersDNs is indeed filled
> properly in the plugin configuration. Base ldapsearch will help.
> 
> Then I would also recommend checking your global password policy "ipa
> pwpolicy-show" to make sure that you for example do not have the password
> max life set to 0, which would cause this behavior in current FreeIPA
> version.
> 
> Martin

-- 
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
jos...@azariah.com - Jabber: pedah...@gmail.com
PGP Key: http://pgp.mit.edu/  ID 0x73B13B6A

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to