[Freeipa-users] Password sync settings not working

Martin Kosek mkosek at redhat.com
Mon Jun 13 07:35:53 UTC 2016


On 06/10/2016 01:59 AM, Joshua J. Kugler wrote:
> Howdy!
> 
> We are trying to set up password sync.  I have read this:
> 
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Windows_Integration_Guide/index.html#password-sync
> 
> I have added that attribute:
> echo -e 'dn: cn=ipa_pwd_extop,cn=plugins,cn=config\nchangetype: modify\nadd: passSyncManagersDNs\npassSyncManagersDNs: uid=admin,cn=users,cn=accounts,dc=example,dc=com' | ldapmodify -x -D 'cn=Directory Manager' -w {{ ipaserver_dir_admin_password }} -h localhost -p 389
> 
> However, when I reset a password as the 'admin' user, the user's password is 
> still set to expired.  This is CentOS 7 with the latest FreeIPA there.
> 
> What might I be missing?

I would try to double-check that passSyncManagersDNs is indeed filled
properly in the plugin configuration. A base ldapsearch will help.

Then I would also recommend checking your global password policy with "ipa
pwpolicy-show" to make sure that you do not, for example, have the password max
life set to 0, which would cause this behavior in the current FreeIPA version.

Martin
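
The two checks suggested in the reply above, as an added example that is not part of the original message or of FreeIPA: shell functions that read the output of the base ldapsearch and of `ipa pwpolicy-show` and confirm the DN is listed and the max lifetime is not 0. The function names are hypothetical, both sample outputs are constructed, and the "Max lifetime (days)" label is assumed to match what `ipa pwpolicy-show` prints.

```shell
# On a live server the input would come from (connection flags as in the thread):
#   ldapsearch -x -D 'cn=Directory Manager' -W -h localhost -p 389 \
#     -s base -b 'cn=ipa_pwd_extop,cn=plugins,cn=config' passSyncManagersDNs
#   ipa pwpolicy-show

# Unfold LDIF: a line starting with one space continues the previous line.
ldif_unfold() {
  awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
       NR > 1 { print buf }
       { buf = $0 }
       END { if (NR) print buf }'
}

# Filter: lowercase and drop spaces around commas so DNs compare reliably.
norm_dn() {
  tr '[:upper:]' '[:lower:]' | sed 's/^ *//; s/ *$//; s/ *, */,/g'
}

# Succeeds if DN $1 is one of the passSyncManagersDNs values in the LDIF on stdin.
# Base64-encoded values ("attr:: ...") are not decoded and never match.
passsync_dn_listed() {
  want=$(printf '%s\n' "$1" | norm_dn)
  ldif_unfold | norm_dn \
    | sed -n 's/^passsyncmanagersdns: *//p' \
    | grep -qxF -- "$want"
}

# Prints the max password lifetime from `ipa pwpolicy-show` output on stdin.
pwpolicy_max_life() {
  sed -n 's/^ *Max lifetime (days): *\([0-9][0-9]*\) *$/\1/p'
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_LDIF='dn: cn=ipa_pwd_extop,cn=plugins,cn=config
passSyncManagersDNs: uid=admin,cn=users,cn=accounts,dc=exam
 ple,dc=com'
SAMPLE_POLICY='  Group: global_policy
  Max lifetime (days): 0
  Min lifetime (hours): 1'

report() {
  dn='uid=admin,cn=users,cn=accounts,dc=example,dc=com'  # DN from the thread
  printf '%s\n' "$SAMPLE_LDIF" | passsync_dn_listed "$dn" \
    && echo "listed: $dn" || echo "NOT listed: $dn"
  [ "$(printf '%s\n' "$SAMPLE_POLICY" | pwpolicy_max_life)" = "0" ] \
    && echo "global max lifetime is 0 days"
  return 0
}
report
```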



