Bob wrote:
> How can I create the id=passsync,cn=sysaccounts,cn=etc,dc=example,dc=com
> account without creating a replication agreement?
> I do not want to replicate accounts between AD and ipa, but I do want password
> changes on AD to be sent to ipa.
> Is this possible?

# ldapmodify -D "cn=directory manager" -w secret -p 389 -h ipaserver.example.com -x -a
dn: uid=passsync,cn=sysaccounts,cn=etc,dc=example,dc=com
objectClass: account
objectClass: simplesecurityobject
objectClass: top
uid: passsync
userPassword: secretpassword

As for how well this will work, I'm not sure. You'll also need to add
this to the pass sync managers entry ala
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/pass-sync.html
I forget the details on how the PassSync service links the AD entry to
the 389-ds entry. You may need to add additional attributes to IPA for
each user you want to keep synchronized.
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
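
The two steps from the reply above (create the account, then list it in the pass sync managers entry), as an added example that is not part of the original message. The `passSyncManagersDNs` attribute on `cn=ipa_pwd_extop,cn=plugins,cn=config` is taken from FreeIPA's password plug-in configuration rather than from this thread, so check it against the linked guide. The function names, the password files, `-y` and `-ZZ` are choices made for this sketch; passwords are read from files so they stay out of the process list.

```shell
#!/bin/sh
# Added example. SUFFIX and IPA_HOST mirror the values used in the thread.
SUFFIX="dc=example,dc=com"
IPA_HOST="ipaserver.example.com"
PASSSYNC_DN="uid=passsync,cn=sysaccounts,cn=etc,${SUFFIX}"

# Emit the LDIF for the system account. $1 = file holding its password.
# The value is base64-encoded ("userPassword::") so that spaces, colons or
# non-ASCII characters in the password cannot break the LDIF.
account_ldif() {
    pw=$(cat "$1") || return 1
    [ -n "$pw" ] || { echo "empty password file: $1" >&2; return 1; }
    enc=$(printf '%s' "$pw" | base64 | tr -d '\n')
    cat <<EOF
dn: ${PASSSYNC_DN}
changetype: add
objectClass: account
objectClass: simplesecurityobject
objectClass: top
uid: passsync
userPassword:: ${enc}
EOF
}

# Emit the LDIF that lists the account as a pass sync manager
# (assumed attribute and entry, see the lead-in).
manager_ldif() {
    cat <<EOF
dn: cn=ipa_pwd_extop,cn=plugins,cn=config
changetype: modify
add: passSyncManagersDNs
passSyncManagersDNs: ${PASSSYNC_DN}
EOF
}

# Apply both changes in one bind.
# $1 = passsync password file, $2 = Directory Manager password file.
# -y uses the complete file contents as the password, so the file in $2
# must not end in a newline. -ZZ requires StartTLS before the simple bind.
apply_passsync() {
    ldif=$(account_ldif "$1") || return 1
    printf '%s\n\n%s\n' "$ldif" "$(manager_ldif)" |
        ldapmodify -x -ZZ -H "ldap://${IPA_HOST}:389" \
            -D "cn=directory manager" -y "$2"
}
```

Run `apply_passsync passsync.pw dm.pw` with both files at mode 0600, and remove them afterwards.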