Re: [Freeipa-devel] [PATCH] 88 Reword description of the --passsync option of ipa-replica-manage

2012-11-02 Thread Jan Cholasta

On 1.11.2012 19:25, Rob Crittenden wrote:

Rob Crittenden wrote:

Jan Cholasta wrote:

Hi,

this patch fixes https://fedorahosted.org/freeipa/ticket/3208.


There are two typos, PasSync with only 2 s's.

I think there should be a separate section on PassSync explaining what
the service is and passwords are modified. There is some information on
this in the ticket. It doesn't need to be very long.

rob


I had something like this in mind:

diff --git a/install/tools/man/ipa-replica-manage.1
b/install/tools/man/ipa-repl
ica-manage.1
index b1704c0..4e4bfa9 100644
--- a/install/tools/man/ipa-replica-manage.1
+++ b/install/tools/man/ipa-replica-manage.1
@@ -176,6 +176,10 @@ Create a winsync replication agreement:
  .TP
  Remove a winsync replication agreement:
   # ipa\-replica\-manage disconnect windows.ad.example.com
+.SH PASSSYNC
+PassSync is a Windows service that runs on AD Domain Controllers to
intercept password changes. It sends these password changes to the IPA
LDAP server over TLS. These password changes bypass normal IPA password
policy settings and the password is not set to immediately expire. This
is because by the time IPA receives the password change it has already
been accepted by AD so it is too late to reject it.
+.TP
+IPA maintains a list of DNs that are excempt from password policy. A
special us
er is added automatically when a winsync replication agreement is
created. The DN of this user is added to the excemption list stored in
passSyncManagersDNs in tne entry cn=ipa_pwd_extop,cn=plugins,cn=config.
  .SH EXIT STATUS
  0 if the command was successful
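Review bot: The `.TP` before the second added paragraph ("IPA maintains a list of DNs ...") looks like the wrong macro. `.TP` takes the next input line as the tag of a tagged paragraph, so the opening of this text is set as a tag rather than as body text. `.PP` starts a plain second paragraph under `.SH PASSSYNC` and matches how the first paragraph of the section is set.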




Thanks, added. Updated patch attached.

Honza

--
Jan Cholasta
From 5045a9b50cdbe3f36793a9a3269a6699cda2c5cd Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Mon, 29 Oct 2012 05:13:39 -0400
Subject: [PATCH] Reword description of the --passsync option of
 ipa-replica-manage.

https://fedorahosted.org/freeipa/ticket/3208
---
 install/tools/ipa-replica-manage   | 2 +-
 install/tools/man/ipa-replica-manage.1 | 6 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index d489275..449138b 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -86,7 +86,7 @@ def parse_options():
 parser.add_option(--win-subtree, dest=win_subtree, default=None,
   help=DN of Windows subtree containing the users you want to sync (default cn=Users,domain suffix))
 parser.add_option(--passsync, dest=passsync, default=None,
-  help=Password for the Windows PassSync user)
+  help=Password for the IPA system user used by the Windows PassSync plugin to synchronize passwords)
 parser.add_option(--from, dest=fromhost, help=Host to get data from)
 
 options, args = parser.parse_args()
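Review bot: The new `--passsync` help string calls PassSync a "plugin", while the man page text in this same patch says "the PassSync service" and describes it as "a Windows service". Use one term in both places. The man page also says "Required when using --winsync"; carrying that into the help string would make `--help` state the dependency too.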
diff --git a/install/tools/man/ipa-replica-manage.1 b/install/tools/man/ipa-replica-manage.1
index b1704c0..0e71c54 100644
--- a/install/tools/man/ipa-replica-manage.1
+++ b/install/tools/man/ipa-replica-manage.1
@@ -108,7 +108,7 @@ Full path and filename of CA certificate to use with TLS/SSL to the remote serve
 DN of Windows subtree containing the users you want to sync (default cn=Users,domain suffix \- this is typically what Windows AD uses as the default value) \- Be careful to quote this value on the command line
 .TP
 \fB\-\-passsync\fR=\fIPASSSYNC_PWD\fR
-Password for the Windows PassSync user. Required when using \-\-winsync. This does not mean you have to use the PassSync service.
+Password for the IPA system user used by the Windows PassSync plugin to synchronize passwords. Required when using \-\-winsync. This does not mean you have to use the PassSync service.
 .TP
 \fB\-\-from\fR=\fISERVER\fR
 The server to pull the data from, used by the re\-initialize and force\-sync commands.
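Review bot: The reworded `--passsync` paragraph documents a credential passed as an option value (`--passsync=PASSSYNC_PWD`) but does not mention that command-line arguments can be visible to other local users in the process list and can be saved in shell history. Now that the text identifies this as the password of an IPA system user, a sentence on that exposure, or on how to rotate the password afterwards, would be useful here.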
@@ -176,6 +176,10 @@ Create a winsync replication agreement:
 .TP
 Remove a winsync replication agreement:
  # ipa\-replica\-manage disconnect windows.ad.example.com
+.SH PASSSYNC
+PassSync is a Windows service that runs on AD Domain Controllers to intercept password changes. It sends these password changes to the IPA LDAP server over TLS. These password changes bypass normal IPA password policy settings and the password is not set to immediately expire. This is because by the time IPA receives the password change it has already been accepted by AD so it is too late to reject it.
+.TP
+IPA maintains a list of DNs that are excempt from password policy. A special user is added automatically when a winsync replication agreement is created. The DN of this user is added to the excemption list stored in passSyncManagersDNs in tne entry cn=ipa_pwd_extop,cn=plugins,cn=config.
 .SH EXIT STATUS
 0 if the command was successful
 
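Review bot: The second added paragraph still has three misspellings that would ship in the man page: "excempt", "excemption" and "tne". They should read "exempt", "exemption list" and "the entry". The attribute and entry names (`passSyncManagersDNs`, `cn=ipa_pwd_extop,cn=plugins,cn=config`) are what an administrator will search for, so it is worth confirming their spelling against the plugin configuration as well.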
-- 
1.7.11.4

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 88 Reword description of the --passsync option of ipa-replica-manage

2012-11-01 Thread Rob Crittenden

Rob Crittenden wrote:

Jan Cholasta wrote:

Hi,

this patch fixes https://fedorahosted.org/freeipa/ticket/3208.


There are two typos, PasSync with only 2 s's.

I think there should be a separate section on PassSync explaining what
the service is and passwords are modified. There is some information on
this in the ticket. It doesn't need to be very long.

rob


I had something like this in mind:

diff --git a/install/tools/man/ipa-replica-manage.1 
b/install/tools/man/ipa-repl

ica-manage.1
index b1704c0..4e4bfa9 100644
--- a/install/tools/man/ipa-replica-manage.1
+++ b/install/tools/man/ipa-replica-manage.1
@@ -176,6 +176,10 @@ Create a winsync replication agreement:
 .TP
 Remove a winsync replication agreement:
  # ipa\-replica\-manage disconnect windows.ad.example.com
+.SH PASSSYNC
+PassSync is a Windows service that runs on AD Domain Controllers to 
intercept password changes. It sends these password changes to the IPA 
LDAP server over TLS. These password changes bypass normal IPA password 
policy settings and the password is not set to immediately expire. This 
is because by the time IPA receives the password change it has already 
been accepted by AD so it is too late to reject it.

+.TP
+IPA maintains a list of DNs that are excempt from password policy. A 
special us
er is added automatically when a winsync replication agreement is 
created. The DN of this user is added to the excemption list stored in 
passSyncManagersDNs in tne entry cn=ipa_pwd_extop,cn=plugins,cn=config.

 .SH EXIT STATUS
 0 if the command was successful
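Review bot: The second added paragraph says "A special user is added automatically" but never names that user or says how its password is set. Because its DN goes on the list that is exempt from password policy, an administrator auditing `passSyncManagersDNs` needs to know which entry to expect there. Give the user's DN, and if this is the account whose password the `--passsync` option sets, say so with a cross-reference to that option.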




Re: [Freeipa-devel] [PATCH] 88 Reword description of the --passsync option of ipa-replica-manage

2012-10-29 Thread Rob Crittenden

Jan Cholasta wrote:

Hi,

this patch fixes https://fedorahosted.org/freeipa/ticket/3208.


There are two typos, PasSync with only 2 s's.

I think there should be a separate section on PassSync explaining what 
the service is and passwords are modified. There is some information on 
this in the ticket. It doesn't need to be very long.


rob
