Good! Thanks for confirmation (I suspected PEBKAC, thus my questions). Martin
On 07/02/2016 10:01 PM, Joshua J. Kugler wrote: > Thanks. In a case of extreme PEBKAC, I had copied the example and failed to > update the DN. It works now. > > j > > > On Monday, June 13, 2016 09:35:53 Martin Kosek wrote: >> On 06/10/2016 01:59 AM, Joshua J. Kugler wrote: >>> Howdy! >>> >>> We are trying to set up password sync. I have read this: >>> >>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/h >>> tml-single/Windows_Integration_Guide/index.html#password-sync >>> >>> I have added that attribute: >>> echo -e 'dn: cn=ipa_pwd_extop,cn=plugins,cn=config\nchangetype: >>> modify\nadd: passSyncManagersDNs\npassSyncManagersDNs: >>> uid=admin,cn=users,cn=accounts,dc=example,dc=com' | ldapmodify -x -D >>> 'cn=Directory Manager' -w {{ ipaserver_dir_admin_password }} -h localhost >>> -p 389 >>> >>> However, when I reset a password as the 'admin' user, the user's password >>> is still set to expired. This is CentOS 7 with the latest FreeIPA there. >>> >>> What might I be missing? >> >> I would try to double check that the passSyncManagersDNs is indeed filled >> properly in the plugin configuration. Base ldapsearch will help. >> >> Then I would also recommend checking your global password policy "ipa >> pwpolicy-show" to make sure that you for example do not have the password >> max life set to 0, which would cause this behavior in current FreeIPA >> version. >> >> Martin > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project