On 12/21/2012 10:54 AM, Nate Marks wrote: > I solved this and I'll share my ignorance just in case it helps > someone else: It wasn't clear to me that passsync needed the search > base on the IPA server rather than the search base for the ad server. > *facepalm* >
May be we can make the docs clear. Can you point to the place that confused you? > ---------- Forwarded message ---------- > From: *Nate Marks* <npma...@gmail.com <mailto:npma...@gmail.com>> > Date: Fri, Dec 21, 2012 at 9:47 AM > Subject: passync LDAP error in queryusername > To: freeipa-users@redhat.com <mailto:freeipa-users@redhat.com> > > > 32: no such object > deferring password change for newinclude > > > I'm baffled. I think I made the search base exactly the same as the > DN I found in LDP. Capitalized "OU" and DC. no spaces. > > the ad dn for the search base is > 'OU=syncinclude,OU=syncroot,DC=testdomain,DC=corp' > > it detected the password change for > 'CN=newinclude,OU=syncinclude,OU=syncroot,DC=testdomain,DC=corp' > > Any tips > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users