[Freeipa-users] Forcing passync to periodically sync passwords

pgb205 pgb205 at yahoo.com
Tue May 24 17:36:29 UTC 2016


Alexander, thank you for such a quick reply.
The reason I'm looking at this is that I want to synchronize from AD to several FIPA domains, but as you mention it's only 1-1 passync option. This results in my not being able to synchronize passwords to second idm domain.
Other options I've considered are:
1. Run multiple instances of passsync on each DC. Both will intercept password change but will send to different ipa replicas in different freeipa domains.
From this link it doesn't seem to be possible, however: #48174 (RFE: Support for running multiple instances of the PassSync service) – 389 Project
2. Backing up/copying freeipa database that does have user/pass to second idm domain.
This is not something I'm looking to do but if there is no other way I'd be willing to consider somehow grabbing files from ipa-repplica.domain.com and moving to ipa-server.example.net. Is this a route that's even worth looking into?
Any other options that you are aware of to make this setup possible?
1 AD -> FIPA1.com
     -> FIPA2.com
with password replication to both?
thanks

From: Alexander Bokovoy <abokovoy at redhat.com>
To: pgb205 <pgb205 at yahoo.com>
Cc: Freeipa-users <freeipa-users at redhat.com>
Sent: Tuesday, May 24, 2016 12:22 PM
Subject: Re: [Freeipa-users] Forcing passync to periodically sync passwords
   
On Tue, 24 May 2016, pgb205 wrote:
>Currently passync is only triggered on the domain controller where the
>password change is made. Is there a way to trigger passync to run
>periodically and resend information to freeipa even if there are no
>changes?
Passsync implements an interface on AD DC side that is activated only
when AD user changes the password. There is no way to access clear text
password at other time.


-- 
/ Alexander Bokovoy

