Thank you very much, Brian!
Georgijs Radovs
Junior Sysadmin
<http://scandiweb.com/services>

On Wed, Jan 25, 2017 at 7:13 PM, Brian Candler <b.cand...@pobox.com> wrote:

> On 25/01/2017 13:48, Georgijs Radovs wrote:
>
> Is it possible to configure FreeIPA server so it does not mark new
> passwords, set by Keycloak's LDAP bind user, expired?
>
> Yes, you need to configure the privileged LDAP bind user in
> passSyncManagersDNs:
>
> dn: cn=ipa_pwd_extop,cn=plugins,cn=config
> passSyncManagersDNs: uid=....
>
> Note that this setting does not replicate - it needs to be applied to all
> replicas by hand.
>
> See:
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/pass-sync.html#password-sync
> --
> <https://www.youtube.com/watch?v=coVJlV1LJ84>
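An added example, not part of the original messages: because the setting quoted above does not replicate, this sketch adds the bind DN to `passSyncManagersDNs` on each replica and then reads the entry back to confirm it. The bind DN passed in, the replica host names, the `DM_PW_FILE` password file, binding as `cn=Directory Manager` and the use of `ldaps://` are assumptions for illustration.

```shell
#!/bin/sh
# Added example; hosts, bind DN and DM_PW_FILE are placeholders, not values from the thread.
PLUGIN_DN="cn=ipa_pwd_extop,cn=plugins,cn=config"

# Emit the LDIF that adds one bind DN ($1) to passSyncManagersDNs.
pass_sync_ldif() {
    printf 'dn: %s\nchangetype: modify\nadd: passSyncManagersDNs\npassSyncManagersDNs: %s\n' \
        "$PLUGIN_DN" "$1"
}

# Read ldapsearch LDIF on stdin; succeed only if $1 is a passSyncManagersDNs value.
# Crude DN normalisation: case-folded, spaces dropped. Base64 ("::") values never match.
has_pass_sync_dn() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' ')
    tr '[:upper:]' '[:lower:]' |
        sed -n 's/^passsyncmanagersdns:[[:space:]]*//p' |
        tr -d ' ' | grep -Fqx -- "$want"
}

# Fetch the plugin entry from one replica ($1), unwrapped so long DNs stay on one line.
query_replica() {
    ldapsearch -x -LLL -o ldif-wrap=no -H "ldaps://$1" \
        -D "cn=Directory Manager" -y "$DM_PW_FILE" \
        -s base -b "$PLUGIN_DN" passSyncManagersDNs
}

# Usage: DM_PW_FILE=/path/to/pwfile apply_to_replicas BIND_DN replica1 [replica2 ...]
# Skips replicas that already list the DN, so re-running does not fail on a duplicate value.
apply_to_replicas() {
    bind_dn=$1; shift
    rc=0
    for host in "$@"; do
        if ! query_replica "$host" | has_pass_sync_dn "$bind_dn"; then
            pass_sync_ldif "$bind_dn" |
                ldapmodify -x -H "ldaps://$host" \
                    -D "cn=Directory Manager" -y "$DM_PW_FILE" >/dev/null || rc=1
        fi
        # Verify on every replica: one missed host leaves that host expiring reset passwords.
        if query_replica "$host" | has_pass_sync_dn "$bind_dn"; then
            echo "ok: $host"
        else
            echo "MISSING on $host" >&2; rc=1
        fi
    done
    return $rc
}
```

Re-run the verification half after adding a new replica, since the new host starts without the value.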