[Freeipa-users] Forcing passync to periodically sync passwords
pgb205
pgb205 at yahoo.com
Tue May 24 17:36:29 UTC 2016
Alexander, thank you for such a quick reply.
The reason I'm looking at this is that I want to synchronize from AD to several FIPA domains, but as you mention it's only 1-1 passync option. This results in my not being able to synchronize passwords to second idm domain.
Other options I've considered are:
1. Run multiple instances of passsync on each DC. Both will intercept password change but will send to different ipa replicas in different freeipa domains.
From this link it doesn't seem to be possible, however: #48174 (RFE: Support for running multiple instances of the PassSync service) – 389 Project
2. Backing up/copying freeipa database that does have user/pass to second idm domain.
This is not something I'm looking to do but if there is no other way I'd be willing to consider somehow grabbing files from ipa-repplica.domain.com and moving to ipa-server.example.net. Is this a route that's even worth looking into?
Any other options that you are aware of to make this setup possible: 1 AD -> FIPA1.com -> FIPA2.com with password replication to both?
thanks
From: Alexander Bokovoy <abokovoy at redhat.com>
To: pgb205 <pgb205 at yahoo.com>
Cc: Freeipa-users <freeipa-users at redhat.com>
Sent: Tuesday, May 24, 2016 12:22 PM
Subject: Re: [Freeipa-users] Forcing passync to periodically sync passwords
On Tue, 24 May 2016, pgb205 wrote:
>Currently passync is only triggered on the domain controller where the
>password change is made. Is there a way to trigger passync to run
>periodically and resend information to freeipa even if there are no
>changes?
Passsync implements an interface on AD DC side that is activated only
when AD user changes the password. There is no way to access clear text
password at other time.
--
/ Alexander Bokovoy