[Freeipa-users] passwd sync
Steven Jones
Steven.Jones at vuw.ac.nz
Wed Mar 28 20:12:30 UTC 2012
Hi,
That is cool, but I have not read that anywhere, can we get that bit written into the passsync section? or have I missed it?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Dmitri Pal [dpal at redhat.com]
Sent: Thursday, 29 March 2012 8:53 a.m.
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] passwd sync
On 03/28/2012 03:50 PM, Steven Jones wrote:
> 8><------
>
> It cannot be a wildcard:
> if (strcasecmp(krbcfg->passsync_mgrs[i], bindDN) == 0) {
> pwdata.changetype = IPA_CHANGETYPE_DSMGR;
> break;
> }
> but it is multivalued.
>
> 8><----------
>
> This is over my head
>
> 8><----------
>
> What exactly are you trying to do? Defeat password sync for
>
> uid=*,cn=staff,cn=accounts,dc=etc ? Because I don't think passSyncManagersDNs is what you want for that, unless I'm mistaken.
>
> 8><--------
>
> Ok, so at present when I setup a new user with a temp password in IPA and give it to the user they have to set a new one on first login to a client.
>
> Once password(s) flow through from AD I don't want the reset password feature in IPA to be functional when a user "first" logs in.
>
> regards
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
I do not think the password reset is required when you sync the users
from an external source. Only when you added a new user via CLI or UI or
migrated him.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list