[Freeipa-users] nothing sync'ed to AD
Rob Crittenden
rcritten at redhat.com
Thu Apr 17 14:16:33 UTC 2014
Will Last wrote:
> Hi,
>
> I have got a freeipa server (pa-server-3.0.0-37) running on centos 6.5
> and am trying to set up sync with/to AD on win 2008/R2, basically
> following
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/active-directory.html.
> The sync agreement is bi-directional by default. But only AD users are
> sync'ed to freeipa and none of the users on freeipa is sync'ed to ad,
> which is what I really cared for. Even a re-initialization from AD won't
> help (ipa-replica-manage re-initialize --from ad.example.com
> <http://ad.example.com> ). I have turned debugging on
> (nsslapd-errorlog-level to 8192), but did not see any obvious clue.
>
> Thanks in advance for any help!
This is working as designed. IPA-only users are not synced to AD. The
bidirectional part is that changes to an AD user synced to IPA on the
IPA side will be synced back to AD.
rob
More information about the Freeipa-users
mailing list