[Freeipa-users] Windows AD --> LDAP (oneWay)
Dmitri Pal
dpal at redhat.com
Thu Mar 12 22:28:20 UTC 2015
On 03/12/2015 05:59 PM, Rich Megginson wrote:
> On 03/12/2015 03:44 PM, Gonzalo Fernandez Ordas wrote:
>>
>> Thanks very much for the quick reply. And that was exactly the bit I
>> never fully understood, till now.
>>
>> is it known anyway of synchronising the passwords?
>
> No.
>
>> Any recommendations on those regards?
>
> Yes - use Trusts instead of sync.
http://www.freeipa.org/page/Active_Directory_trust_setup
>
>>
>> Thanks
>>
>>
>>
>> On 12/03/2015 22:13, Rich Megginson wrote:
>>> On 03/12/2015 03:07 PM, Gonzalo Fernandez Ordas wrote:
>>>> Hi
>>>>
>>>> I have successfully setup an AD---> freeipa Model and joining bits
>>>> and pieces from 389-ds I have setup a oneWaySinc fromWindows.
>>>> The issue I got for the last week is the pasword sync which does
>>>> not seem to work at all, it does not matter what I do in the AD
>>>> server I never get the passwords being transferred over.
>>>> I went through many manual pages, different versions and I do not
>>>> have clear if I need to run any ldapmodification at all!
>>>> This will be a onewaySync and I do not want the passwords being
>>>> replicated BACK to AD, also I read about the "reset" setting and I
>>>> am not sure if every single password needs to be reset at all?
>>>>
>>>> has anybody got any sort of definitive guide or maybe a clear path
>>>> to follow?
>>>
>>> http://www.port389.org/docs/389ds/howto/howto-windowssync.html#configuring-passsync
>>>
>>>
>>> Note that you have to change a password in AD in order for it to be
>>> sync'd to freeipa. PassSync will not sync already existing password.s
>>>
>>>>
>>>> Many thanks for all your help
>>>>
>>>> Gonzalo
>>>>
>>>
>>
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
More information about the Freeipa-users
mailing list