[Freeipa-users] passwd sync

Wed Mar 28 19:50:30 UTC 2012

8><------

It cannot be a wildcard:
             if (strcasecmp(krbcfg->passsync_mgrs[i], bindDN) == 0) {
                 pwdata.changetype = IPA_CHANGETYPE_DSMGR;
                 break;
             }
but it is multivalued.

8><----------

This is over my head

8><----------

What exactly are you trying to do?  Defeat password sync for

uid=*,cn=staff,cn=accounts,dc=etc ?  Because I don't think passSyncManagersDNs is what you want for that, unless I'm mistaken.

8><--------

Ok,  so at present when I setup a new user with a temp password in IPA and give it to the user they have to set a new one on first login to a client.

Once password(s) flow through from AD I don't want the reset password feature in IPA to be functional when a user "first" logs in.

regards