<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office"><head></head><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div id="yui_3_16_0_ym19_1_1464110709047_2878"><span id="yui_3_16_0_ym19_1_1464110709047_3090">Alexander, thank you for such a quick reply.</span></div><div id="yui_3_16_0_ym19_1_1464110709047_2878"><span><br></span></div><div id="yui_3_16_0_ym19_1_1464110709047_2878"><span id="yui_3_16_0_ym19_1_1464110709047_2914">The reason im looking at this is that I want to synchronize from AD to several FIPA domains, but as you mention it's only</span></div><div id="yui_3_16_0_ym19_1_1464110709047_2878" dir="ltr"><span id="yui_3_16_0_ym19_1_1464110709047_3147">1-1 passync option. This results in my not being able to synchronize passwords to second idm domain.</span></div><div id="yui_3_16_0_ym19_1_1464110709047_2878" dir="ltr"><span><br></span></div><div id="yui_3_16_0_ym19_1_1464110709047_2878" dir="ltr"><span id="yui_3_16_0_ym19_1_1464110709047_3148">Other options I've considered are:</span></div><div id="yui_3_16_0_ym19_1_1464110709047_2878"><span id="yui_3_16_0_ym19_1_1464110709047_2954">1. Run multiple instances of passsync on each DC. Both will intercept password change but will send to different ipa replicas in different freeipa domains.<br>From this link it doesn't seem to be possible however</span></div><div id="yui_3_16_0_ym19_1_1464110709047_2878" dir="ltr"><span id="yui_3_16_0_ym19_1_1464110709047_2961"><a href="https://fedorahosted.org/389/ticket/48174" class="enhancr2_dd98befe-a965-90a3-4bfe-551f09f69a50" id="yui_3_16_0_ym19_1_1464110709047_2960">#48174 (RFE: Support for running multiple instances of the PassSync service) – 389 Project</a><br></span></div><div id="yui_3_16_0_ym19_1_1464110709047_3032"><br></div><div id="enhancr2_dd98befe-a965-90a3-4bfe-551f09f69a50" class="yahoo-link-enhancr-card ymail-preserve-class ymail-preserve-style" style="max-width:400px;font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;" contenteditable="false" data-url="https://fedorahosted.org/389/ticket/48174" data-type="yenhancr" data-category="article" data-embed-url="" data-size="medium" dir="ltr"> <a href="https://fedorahosted.org/389/ticket/48174" style="text-decoration:none !important; color: #000 !important;" class="yahoo-enhancr-cardlink" target="_blank" rel="noreferrer" id="yui_3_16_0_ym19_1_1464110709047_2989"> <table class="card-wrapper yahoo-ignore-table" cellpadding="0" cellspacing="0" border="0" style="max-width:400px;" id="yui_3_16_0_ym19_1_1464110709047_2988"> <tbody id="yui_3_16_0_ym19_1_1464110709047_2987"><tr id="yui_3_16_0_ym19_1_1464110709047_2986"> <td width="400" id="yui_3_16_0_ym19_1_1464110709047_2985"> <table class="card yahoo-ignore-table" cellpadding="0" cellspacing="0" border="0" width="100%" style="max-width:400px;" id="yui_3_16_0_ym19_1_1464110709047_2984"> <tbody id="yui_3_16_0_ym19_1_1464110709047_2983"><tr id="yui_3_16_0_ym19_1_1464110709047_2982"> <td class="card-primary-image-cell" style="background:#000 url('https://s.yimg.com/vv//api/res/1.2/uX7m4UXLNE_9UU.AaDGoLA--/YXBwaWQ9bWFpbDtmaT1maWxsO2g9MjAwO3c9NDAw/https://fedorahosted.org/389/chrome/common/trac_logo_mini.png.cf.jpg') no-repeat center center;background-size:cover;height:200px;position:relative;" background="https://s.yimg.com/vv//api/res/1.2/uX7m4UXLNE_9UU.AaDGoLA--/YXBwaWQ9bWFpbDtmaT1maWxsO2g9MjAwO3c9NDAw/https://fedorahosted.org/389/chrome/common/trac_logo_mini.png.cf.jpg" bgcolor="#000000" valign="top" id="yui_3_16_0_ym19_1_1464110709047_2981">  <table class="yahoo-ignore-table" cellpadding="0" cellspacing="0" border="0" valign="top" style="width:100%;" id="yui_3_16_0_ym19_1_1464110709047_2980"> <tbody id="yui_3_16_0_ym19_1_1464110709047_2979"><tr id="yui_3_16_0_ym19_1_1464110709047_2978"> <td style="background:transparent url('https://s.yimg.com/nq/storm/assets/enhancrV2/12/overlay-tile.png') repeat left top;height:200px;" background="https://s.yimg.com/nq/storm/assets/enhancrV2/12/overlay-tile.png" bgcolor="transparent" valign="top" id="yui_3_16_0_ym19_1_1464110709047_2977">  <table class="yahoo-ignore-table" height="185" style="width:100%;height:185px;min-height:185px;" id="yui_3_16_0_ym19_1_1464110709047_2976"> <tbody id="yui_3_16_0_ym19_1_1464110709047_2975"><tr id="yui_3_16_0_ym19_1_1464110709047_2974"> <td class="card-richInfo2" style="text-align:left;text-align:left;padding:15px 0 0 15px;vertical-align:top;"> </td> <td class="card-actions" style="text-align:right;padding:15px 15px 0 0;vertical-align:top;" id="yui_3_16_0_ym19_1_1464110709047_2973"> <div class="card-share-container"></div> </td> </tr> </tbody></table>  </td> </tr> </tbody></table> </td> </tr> <tr id="yui_3_16_0_ym19_1_1464110709047_3045"> <td id="yui_3_16_0_ym19_1_1464110709047_3044"> <table class="card-info yahoo-ignore-table" align="center" cellpadding="0" cellspacing="0" border="0" style="background:#fff;position:relative;z-index:2;width:95%;max-width:380px;border:1px solid #e0e4e9;border-bottom:3px solid #000000;margin-top:-40px;margin-left:auto;margin-right:auto;" id="yui_3_16_0_ym19_1_1464110709047_3043"> <tbody id="yui_3_16_0_ym19_1_1464110709047_3355"><tr id="yui_3_16_0_ym19_1_1464110709047_3354"> <td style="background-color:#ffffff;padding:16px 0 16px 12px;vertical-align:top;"> </td> <td style="vertical-align:middle;padding:16px 12px;width:99%;"> <h2 class="card-title" style="font-size: 16px; line-height:19px; margin:0 0 4px 0;font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;word-break:break-word;">#48174 (RFE: Support for running multiple instances of the PassSync service...</h2> <div class="card-description" style="font-size:11px;line-height:15px;color:#999;word-break:break-word;"></div> </td> <td style="text-align:right;padding:16px 12px 16px 0;" id="yui_3_16_0_ym19_1_1464110709047_3353"> </td> </tr> </tbody></table> </td> </tr> </tbody></table> </td> </tr> </tbody></table> </a></div><div id="yui_3_16_0_ym19_1_1464110709047_3039"><br></div><div id="yui_3_16_0_ym19_1_1464110709047_2878" dir="ltr">2. backing up/copying freeipa database that does have user/pass to second idm domain</div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1464110709047_2879">This is not something I'm looking to do but if there is no other way I'd be willing to consider somehow grabbing files from ipa-repplica.domain.com</div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1464110709047_2879" dir="ltr">and moving to ipa-server.example.net. Is this a route that's even worth looking into ?</div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1464110709047_2879" dir="ltr"><br></div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1464110709047_2879" dir="ltr">Any other options that you are aware of to make this setup possible. 1AD->FIPA1.com</div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1464110709047_2879" dir="ltr"> ->FIPA2.com</div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1464110709047_2879" dir="ltr">with password replication to both?</div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1464110709047_2879" dir="ltr"><br></div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1464110709047_2879" dir="ltr">thanks<br><br></div><div class="yahoo_quoted" id="yui_3_16_0_ym19_1_1464110709047_2888" style="display: block;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;" id="yui_3_16_0_ym19_1_1464110709047_2887"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;" id="yui_3_16_0_ym19_1_1464110709047_2886"> <div dir="ltr" id="yui_3_16_0_ym19_1_1464110709047_2885"> <font size="2" face="Arial" id="yui_3_16_0_ym19_1_1464110709047_2884"> <hr size="1" id="yui_3_16_0_ym19_1_1464110709047_2883"> <b id="yui_3_16_0_ym19_1_1464110709047_3250"><span style="font-weight:bold;" id="yui_3_16_0_ym19_1_1464110709047_3249">From:</span></b> Alexander Bokovoy <abokovoy@redhat.com><br> <b><span style="font-weight: bold;">To:</span></b> pgb205 <pgb205@yahoo.com> <br><b><span style="font-weight: bold;">Cc:</span></b> Freeipa-users <freeipa-users@redhat.com><br> <b><span style="font-weight: bold;">Sent:</span></b> Tuesday, May 24, 2016 12:22 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [Freeipa-users] Forcing passync to periodically sync passwords<br> </font> </div> <div class="y_msg_container" id="yui_3_16_0_ym19_1_1464110709047_3013"><br>On Tue, 24 May 2016, pgb205 wrote:<div class="yqt7561872130" id="yqtfd35765"><br clear="none">>Currently passync is only triggered one the domain controller where the<br clear="none">>password change is made.Is there a way to trigger passync to run<br clear="none">>periodically and resend information to freeipa even if there are no<br clear="none">>changes?</div><br clear="none">Passsync implements an interface on AD DC side that is activated only<br clear="none">when AD user changes the password. There is no way to access clear text<br clear="none">password at other time.<br clear="none"><br clear="none"><br clear="none">-- <br clear="none">/ Alexander Bokovoy<div class="yqt7561872130" id="yqtfd65390"><br clear="none"></div><br><br></div> </div> </div> </div></div></body></html>