<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body ocsi="0" fpstyle="1" bgcolor="#FFFFFF">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">but what about the "cant contact LDAP server in the passsync log"<br>
<br>
and are you saying I should try to change one of the passwords in AD for it to go to IDM, or vice versa?<br>
<br>
thanks<br>
<br>
<br>
<div style="font-family: Times New Roman; color: #000000; font-size: 16px">
<hr tabindex="-1">
<div style="direction: ltr;" id="divRpF189373"><font size="2" face="Tahoma" color="#000000"><b>From:</b> Rich Megginson [rmeggins@redhat.com]<br>
<b>Sent:</b> Tuesday, February 04, 2014 12:45 PM<br>
<b>To:</b> Todd Maugh; dpal@redhat.com<br>
<b>Cc:</b> freeipa-users@redhat.com<br>
<b>Subject:</b> Re: Creating password sync<br>
</font><br>
</div>
<div></div>
<div>
<div class="moz-cite-prefix">On 02/04/2014 01:42 PM, Todd Maugh wrote:<br>
</div>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">I have not changed any passwords in AD yet.<br>
</div>
</blockquote>
<br>
Then passsync will not have sent anything.<br>
<br>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt"><br>
and the users I have in IDM  from AD, their passwords are not working<br>
</div>
</blockquote>
<br>
Right.  This is one of the (many) problems with the passsync approach - there currently is no way to populate the initial passwords - that is, passsync/IdM cannot copy your passwords over from AD to IdM.<br>
<br>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt"><br>
<br>
<div style="font-family:Times New Roman; color:#000000; font-size:16px">
<hr tabindex="-1">
<div id="divRpF355147" style="direction:ltr"><font size="2" face="Tahoma" color="#000000"><b>From:</b> Rich Megginson [<a class="moz-txt-link-abbreviated" href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>]<br>
<b>Sent:</b> Tuesday, February 04, 2014 12:40 PM<br>
<b>To:</b> Todd Maugh; <a class="moz-txt-link-abbreviated" href="mailto:dpal@redhat.com" target="_blank">
dpal@redhat.com</a><br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com" target="_blank">
freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: Creating password sync<br>
</font><br>
</div>
<div>
<div class="moz-cite-prefix">On 02/04/2014 01:20 PM, Todd Maugh wrote:<br>
</div>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">my passhook.log file is empty<br>
</div>
</blockquote>
<br>
Have you changed any passwords in AD?<br>
<br>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">
<div style="font-family:Times New Roman; color:#000000; font-size:16px">
<hr tabindex="-1">
<div id="divRpF268312" style="direction:ltr"><font size="2" face="Tahoma" color="#000000"><b>From:</b>
<a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com" target="_blank">
freeipa-users-bounces@redhat.com</a> [<a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com" target="_blank">freeipa-users-bounces@redhat.com</a>] on behalf of Todd Maugh [<a class="moz-txt-link-abbreviated" href="mailto:tmaugh@boingo.com" target="_blank">tmaugh@boingo.com</a>]<br>
<b>Sent:</b> Tuesday, February 04, 2014 11:56 AM<br>
<b>To:</b> Rich Megginson; <a class="moz-txt-link-abbreviated" href="mailto:dpal@redhat.com" target="_blank">
dpal@redhat.com</a><br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com" target="_blank">
freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] Creating password sync<br>
</font><br>
</div>
<div>
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">Im seeing these errors in the passsync.log<br>
<br>
<span dir="ltr">
<div>32: No such object</div>
<div>02/03/14 16:23:40: Ldap error in QueryUsername</div>
<div>32: No such object</div>
<div>02/03/14 16:57:48: Abandoning password change for scottb, backoff expired</div>
<div>02/03/14 16:57:48: Ldap bind error in Connect</div>
<div>32: No such object</div>
<div>02/03/14 16:57:48: Ldap error in QueryUsername</div>
<div>32: No such object</div>
<div>02/03/14 18:06:04: Abandoning password change for scottb, backoff expired</div>
<div>02/03/14 18:06:04: Ldap bind error in Connect</div>
<div>32: No such object</div>
<div>02/04/14 10:24:59: PassSync service initialized</div>
<div>02/04/14 10:24:59: PassSync service running</div>
<div>02/04/14 10:25:00: Ldap bind error in Connect</div>
<div>32: No such object</div>
<div>02/04/14 10:58:37: Ldap bind error in Connect</div>
<div>32: No such object</div>
<div>02/04/14 10:58:37: PassSync service stopped</div>
<div>02/04/14 10:58:38: PassSync service initialized</div>
<div>02/04/14 10:58:38: PassSync service running</div>
<div>02/04/14 10:58:39: Ldap bind error in Connect</div>
<div>32: No such object</div>
<div><br>
<br>
</div>
</span><br>
<div style="font-family:Times New Roman; color:#000000; font-size:16px">
<hr tabindex="-1">
<div id="divRpF24542" style="direction:ltr"><font size="2" face="Tahoma" color="#000000"><b>From:</b> Rich Megginson [<a class="moz-txt-link-abbreviated" href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>]<br>
<b>Sent:</b> Tuesday, February 04, 2014 9:19 AM<br>
<b>To:</b> Todd Maugh; <a class="moz-txt-link-abbreviated" href="mailto:dpal@redhat.com" target="_blank">
dpal@redhat.com</a><br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com" target="_blank">
freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: Creating password sync<br>
</font><br>
</div>
<div>
<div class="moz-cite-prefix">On 02/04/2014 10:17 AM, Todd Maugh wrote:<br>
</div>
<blockquote type="cite"><style id="owaParaStyle" type="text/css">
<!--
p
        {margin-top:0;
        margin-bottom:0}
p
        {margin-top:0;
        margin-bottom:0}
body
        {direction:ltr;
        font-family:Tahoma;
        color:#000000;
        font-size:10pt}
p
        {margin-top:0;
        margin-bottom:0}
body
        {direction:ltr;
        font-family:Tahoma;
        color:#000000;
        font-size:10pt}
p
        {margin-top:0;
        margin-bottom:0}
body
        {direction:ltr;
        font-family:Tahoma;
        color:#000000;
        font-size:10pt}
p
        {margin-top:0;
        margin-bottom:0}
-->
BODY {direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;}P {margin-top:0;margin-bottom:0;}</style>
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">also I have verified the password synchronization service is started and running on the windows 2008 R2 server<br>
<br>
<br>
but I cant tell if or what it is doing because iM not getting passwords to my IDM<br>
</div>
</blockquote>
<a class="moz-txt-link-freetext" href="http://port389.org/wiki/Howto:WindowsSync#PassSync_Logging" target="_blank">http://port389.org/wiki/Howto:WindowsSync#PassSync_Logging</a><br>
<br>
You can also look at the 389 access log to see if you have connections from the windows box.<br>
<br>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">
<div style="font-family:Times New Roman; color:#000000; font-size:16px">
<hr tabindex="-1">
<div id="divRpF273180" style="direction:ltr"><font size="2" face="Tahoma" color="#000000"><b>From:</b>
<a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com" target="_blank">
freeipa-users-bounces@redhat.com</a> [<a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com" target="_blank">freeipa-users-bounces@redhat.com</a>] on behalf of Todd Maugh [<a class="moz-txt-link-abbreviated" href="mailto:tmaugh@boingo.com" target="_blank">tmaugh@boingo.com</a>]<br>
<b>Sent:</b> Tuesday, February 04, 2014 9:04 AM<br>
<b>To:</b> Rich Megginson; <a class="moz-txt-link-abbreviated" href="mailto:dpal@redhat.com" target="_blank">
dpal@redhat.com</a><br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com" target="_blank">
freeipa-users@redhat.com</a><br>
<b>Subject:</b> [Freeipa-users] Creating password sync<br>
</font><br>
</div>
<div>
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">Ok, So I have my replication agreement set up.<br>
<br>
and I see accounts coming in to my IDM server from AD<br>
<br>
I have followed this guide from redhat <br>
<br>
<a class="moz-txt-link-freetext" href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/pass-sync.html" target="_blank">https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/pass-sync.html</a><br>
<br>
to set up my password sync. <br>
<br>
I get no errors<br>
<br>
but my passwords are not syncing!<br>
<br>
Help! the documentation tells o fno way to verify or trouble shoot<br>
<br>
<br>
Thank You<br>
<br>
-Todd Maugh<br>
<a class="moz-txt-link-abbreviated" href="mailto:tmaugh@boingo.com" target="_blank">tmaugh@boingo.com</a><br>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</body>
</html>