[Freeipa-users] nothing sync'ed to AD
Petr Spacek
pspacek at redhat.com
Thu Apr 17 16:17:23 UTC 2014
On 17.4.2014 16:16, Rob Crittenden wrote:
> Will Last wrote:
>> Hi,
>>
>> I have got a freeipa server (pa-server-3.0.0-37) running on centos 6.5
>> and am trying to set up sync with/to AD on win 2008/R2, basically
>> following
>> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/active-directory.html.
>>
>> The sync agreement is bi-directional by default. But only AD users are
>> sync'ed to freeipa and none of the users on freeipa is sync'ed to ad,
>> which is what I really cared for. Even a re-initialization from AD won't
>> help (ipa-replica-manage re-initialize --from ad.example.com
>> <http://ad.example.com> ). I have turned debugging on
>> (nsslapd-errorlog-level to 8192), but did not see any obvious clue.
>>
>> Thanks in advance for any help!
>
> This is working as designed. IPA-only users are not synced to AD. The
> bidirectional part is that changes to an AD user synced to IPA on the IPA side
> will be synced back to AD.
Maybe you will be more interested in
http://www.freeipa.org/page/Trusts
Let us know if you have any question!
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list