[Freeipa-users] oneWaySync affecting Password sync?
Andreas Calminder
Andreas.Calminder at nordnet.se
Fri Apr 29 16:00:18 UTC 2016
Hello,
The goal was that I wanted to just have passwords in sync, leaving attributes and what not to windows but mostly to protect from accidental deletes in IPA being carried out in the active directory. I've removed the onewaysync attribute and worked around it with limiting the permissions for the user handling the replication.
Thanks!
Andreas
On 29 Apr 2016 5:49 p.m., Rich Megginson <rmeggins at redhat.com> wrote:
>
> On 04/29/2016 09:44 AM, Rob Crittenden wrote:
> > Andreas Calminder wrote:
> >> Hello,
> >>
> >> I'm running ipa 4.2.0-15.el7 with winsync and wondering if setting
> >> oneWaySync to fromWindows will affect password synchronization from IPA
> >> to AD, I.E password changes from IPA will not be replicated to Windows?
> >>
> >
> > Hmm, interesting question, I'm not sure. What is your goal here? Do
> > you want to disallow attribute changes in IPA to be replicated but you
> > DO want passwords, or you don't want anything?
> >
> > ccing Rich to see what he thinks.
>
> AFAIK, there is no way to sync only passwords from IPA to AD. So if you
> set oneWaySync: fromWindows, you will not sync password changes from IPA
> to AD.
>
> >
> > rob
>
More information about the Freeipa-users
mailing list