[Freeipa-users] FreeIPA and Active Directory Password Synchronisation

Toby Gale toby.gale at gmail.com
Fri Jun 17 11:40:31 UTC 2016


Hello,

After successfully adding a 'winsync' agreement and loading AD data into
FreeIPA I am trying to configure the password sync software on the domain
controllers.

I have installed the certificates and can successfully bind from the domain
controller using ldp.exe and the
'uid=passsync,cn=sysaccounts,cn=etc,dc=my,dc=domain,dc=com' user.

I have edited the registry to increase logging by setting
'HKEY_LOCAL_MACHINE\SOFTWARE\PasswordSync\Log Level' to '1', and I am seeing the error:

06/17/16 08:47:32: Backoff time expired.  Attempting sync
06/17/16 08:47:32: Password list has 1 entries
06/17/16 08:47:32: Attempting to sync password for some.user
06/17/16 08:47:32: Searching for (ntuserdomainid=some.user)
06/17/16 08:47:32: Ldap error in QueryUsername
34: Invalid DN syntax
06/17/16 08:47:32: Deferring password change for some.user
06/17/16 08:47:32: Backing off for 1024000ms

When I run the query from the CLI, it is successful:

$ ldapsearch -x -H ldaps://localhost:636 \
    -D 'uid=passsync,cn=sysaccounts,cn=etc,dc=my,dc=domain,dc=com' -w 'password' \
    -b 'cn=users,cn=accounts,dc=my,dc=domain,dc=com' '(ntuserdomainid=some.user)'

Can anyone help me resolve this?

Thanks.
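Added example (not part of the post, and not PassSync or FreeIPA code): a small Python helper that pulls LDAP result codes out of PassSync-style log output and checks the syntax of the DN strings that go into the PassSync configuration (the bind DN and search base). The log lines are a constructed copy of the ones quoted above; the DN checker is a generic RFC 4514 structural check, not a reimplementation of how PassSync or 389 DS parse DNs, and the set of "expected" attribute types for an IPA tree is an assumption chosen for illustration. It catches the things that most often produce result code 34 from a pasted configuration value: an embedded newline or stray whitespace, a trailing comma, or a component whose attribute type is not one the tree uses (for example a transposed `dc=dc,my=domain`).

```python
import re

# Constructed sample modelled on the PassSync log lines quoted in the post.
SAMPLE_LOG = """\
06/17/16 08:47:32: Backoff time expired.  Attempting sync
06/17/16 08:47:32: Password list has 1 entries
06/17/16 08:47:32: Attempting to sync password for some.user
06/17/16 08:47:32: Searching for (ntuserdomainid=some.user)
06/17/16 08:47:32: Ldap error in QueryUsername
34: Invalid DN syntax
06/17/16 08:47:32: Deferring password change for some.user
06/17/16 08:47:32: Backing off for 1024000ms
"""

LDAP_ERROR_HEADER = re.compile(r"Ldap error in (?P<where>\w+)$")
LDAP_ERROR_LINE = re.compile(r"^(?P<code>\d+): (?P<msg>.+)$")

# Assumed set of attribute types that appear in DNs of a FreeIPA tree
# (illustrative only; extend for your own directory layout).
IPA_DN_TYPES = frozenset({"uid", "cn", "dc", "ou", "o", "krbprincipalname"})

# RFC 4514 attributeType: a descriptor (keystring) or a numeric OID.
ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")


def find_ldap_errors(log_text):
    """Return [(function, result_code, message)] for every
    'Ldap error in X' line that is followed by an 'NN: message' line."""
    errors = []
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        m = LDAP_ERROR_HEADER.search(line)
        if m and i + 1 < len(lines):
            n = LDAP_ERROR_LINE.match(lines[i + 1].strip())
            if n:
                errors.append((m.group("where"), int(n.group("code")), n.group("msg")))
    return errors


def _split_unescaped(s, sep):
    """Split s on sep, ignoring backslash-escaped separators (RFC 4514 escaping)."""
    parts, cur, i = [], [], 0
    while i < len(s):
        c = s[i]
        if c == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2])
            i += 2
            continue
        if c == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    parts.append("".join(cur))
    return parts


def dn_problems(dn, known_types=None):
    """Return a list of human-readable syntax problems in dn; [] means it looks valid.
    If known_types is given, attribute types outside that set are reported too."""
    problems = []
    if dn != dn.strip():
        problems.append("leading/trailing whitespace")
    if any(ord(ch) < 0x20 for ch in dn):
        problems.append("control character (e.g. embedded newline) in DN")
    if dn.strip() == "":
        return problems + ["empty DN"]
    for rdn in _split_unescaped(dn.strip(), ","):
        # A multi-valued RDN joins its components with '+'.
        for ava in _split_unescaped(rdn, "+"):
            if "=" not in ava:
                problems.append(f"RDN component without '=': {ava!r}")
                continue
            atype, value = ava.split("=", 1)  # types never contain '=', so first '=' is the split
            atype = atype.strip()
            if not ATTR_TYPE.match(atype):
                problems.append(f"bad attribute type: {atype!r}")
            elif (known_types is not None and not atype[0].isdigit()
                  and atype.lower() not in known_types):
                problems.append(f"unknown attribute type: {atype!r}")
            if value.strip() == "":
                problems.append(f"empty value for {atype!r}")
    return problems


if __name__ == "__main__":
    for where, code, msg in find_ldap_errors(SAMPLE_LOG):
        print(f"{where}: LDAP result {code} ({msg})")
    for candidate in (
        "uid=passsync,cn=sysaccounts,cn=etc,dc=my,dc=domain,dc=com",
        "uid=passsync,cn=sysaccounts,cn=etc,dc=dc,my=domain,dc=com",  # constructed typo
        "cn=users,cn=accounts,dc=my,dc=domain,dc=com\r\n",           # pasted with newline
    ):
        print(repr(candidate), "->", dn_problems(candidate, IPA_DN_TYPES) or "ok")
```

Result code 34 means the server could not parse a DN it was given, so the first thing to compare is the exact bytes of the bind DN and search base in the PassSync configuration against the ones that work in ldapsearch; a value that passes `dn_problems` with the tree's attribute types but still fails on the server points at something other than the DN text itself.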