[Freeipa-users] passwd sync
Dmitri Pal
dpal at redhat.com
Wed Mar 28 19:53:32 UTC 2012
On 03/28/2012 03:50 PM, Steven Jones wrote:
> 8><------
>
> It cannot be a wildcard:
> if (strcasecmp(krbcfg->passsync_mgrs[i], bindDN) == 0) {
> pwdata.changetype = IPA_CHANGETYPE_DSMGR;
> break;
> }
> but it is multivalued.
>
> 8><----------
>
> This is over my head
>
> 8><----------
>
> What exactly are you trying to do? Defeat password sync for
>
> uid=*,cn=staff,cn=accounts,dc=etc ? Because I don't think passSyncManagersDNs is what you want for that, unless I'm mistaken.
>
> 8><--------
>
> Ok, so at present when I setup a new user with a temp password in IPA and give it to the user they have to set a new one on first login to a client.
>
> Once password(s) flow through from AD I don't want the reset password feature in IPA to be functional when a user "first" logs in.
>
> regards
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
I do not think the password reset is required when you sync the users
from an external source. Only when you added a new user via CLI or UI or
migrated him.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list