Description of problem: When using a password change plugin on FDS like ipa-pwd-extop from the freeipa project, password changes are not replicated from FDS to AD NOTE: If I change the userPassword field using ldapmodify then the change is correctly replicated to AD, but ipa-pwd-extop never gets triggered so samba and kerberos password get out of sync How reproducible: Always Steps to Reproduce: Change a password on FDS using ipa-passwd, or kpasswd or ldappasswd Actual results: Password change is not replicated to AD Expected results: Password change should be replicated to Active Directory
Created attachment 307125 [details] Make IPA -> AD pass sync work again The attached patch should allow FDS to properly sync passwords again
verified and re-verified with different builds. bug closed The latest one used is 12-04-2008 daily build server32[12/04/08 15:54]~> rpm -qi ipa-server Name : ipa-server Relocations: (not relocatable) Version : 1.1.0 Vendor: Red Hat, Inc. Release : 7.2.el5ipa Build Date: Thu 04 Dec 2008 01:12:13 PM PST Install Date: Thu 04 Dec 2008 02:45:41 PM PST Build Host: hs20-bc1-2.build.redhat.com Group : System Environment/Base Source RPM: ipa-1.1.0-7.2.el5ipa.src.rpm Size : 1935947 License: GPLv2 Signature : (none) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://www.freeipa.org/ Summary : The IPA authentication server Description : IPA is an integrated solution to provide centrally managed Identity (machine, user, virtual machines, groups, authentication credentials), Policy (configuration settings, access control information) and Audit (events, logs, analysis thereof). If you are installing an IPA server you need to install this package (in other words, most people should NOT install this package).