[Freeipa-users] passwd sync
Steven Jones
Steven.Jones at vuw.ac.nz
Tue Mar 27 22:24:31 UTC 2012
Hi,
We want to do a one way password sync from AD to IPA for staff but not students as they are a different AD domain,
can we do a one way sync?
Oh wait, also while I can only do one winsync to one AD domain, can I do a password sync from 2 ADs to one IPA domain?
7.4.3 talks about every password change wanting a reset.....
So is there a way to disable this for all or some groups of users?
I assume passSyncManagersDNs: uid=admin,cn=users,cn=accounts,dc=etc
could be,
uid=*,cn=staff,cn=accounts,dc=etc......
?
Since I'm setting the password complexity in AD and Psync I assume that I simply do not want any policy for most users....but I still will need a global for users who are not in AD.
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: Rob Crittenden [rcritten at redhat.com]
Sent: Wednesday, 28 March 2012 11:16 a.m.
To: Steven Jones
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] passwd sync
Steven Jones wrote:
> Section 7.4.2 on password sync calls for a download of a
> PassSync.msi...I cannot locate this....so your doc needs updating I think.
>
> For the 7.4.2 number 4 point 2 I see uid=passync cn=systemaccounts
> cn=etc, then the dc= usual bits
>
> I assume the two cn='s are "standard"?
It isn't incorrect, if that is what you are asking. cn is a multi-valued
attribute.
> number 4 point 4 ou=People,dc=example,dc=com is a "standard"?
It is merely an example. I think the default location for AD users is
ou=Users.
> So in my case it would simply be ou=People,dc=ods,dc=vuw,dc=ac,dc=nz
You'd want to check with your AD administrator(s).
rob