[Freeipa-users] Password sync settings not working
Joshua J. Kugler
joshua at azariah.com
Sat Jul 2 20:01:49 UTC 2016
Thanks. In a case of extreme PEBKAC, I had copied the example and failed to
update the DN. It works now.
j
On Monday, June 13, 2016 09:35:53 Martin Kosek wrote:
> On 06/10/2016 01:59 AM, Joshua J. Kugler wrote:
> > Howdy!
> >
> > We are trying to set up password sync. I have read this:
> >
> > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/h
> > tml-single/Windows_Integration_Guide/index.html#password-sync
> >
> > I have added that attribute:
> > echo -e 'dn: cn=ipa_pwd_extop,cn=plugins,cn=config\nchangetype:
> > modify\nadd: passSyncManagersDNs\npassSyncManagersDNs:
> > uid=admin,cn=users,cn=accounts,dc=example,dc=com' | ldapmodify -x -D
> > 'cn=Directory Manager' -w {{ ipaserver_dir_admin_password }} -h localhost
> > -p 389
> >
> > However, when I reset a password as the 'admin' user, the user's password
> > is still set to expired. This is CentOS 7 with the latest FreeIPA there.
> >
> > What might I be missing?
>
> I would try to double check that the passSyncManagersDNs is indeed filled
> properly in the plugin configuration. Base ldapsearch will help.
>
> Then I would also recommend checking your global password policy "ipa
> pwpolicy-show" to make sure that you for example do not have the password
> max life set to 0, which would cause this behavior in current FreeIPA
> version.
>
> Martin
--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
joshua at azariah.com - Jabber: pedahzur at gmail.com
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A
More information about the Freeipa-users
mailing list