Red Hat Bugzilla – Bug 471132
A user that is allowed to sync windows passwords is needed
Last modified: 2015-01-04 18:34:50 EST
Description of problem:
The DS Windows PassSync code needs to bind to the IPA DS as a user that has:
- permission to write the userPassword attribute
- the ability to skip password policies so the password doesn't expire on the next use
We should pre-create this user in IPA so it is just a matter of using the right entry when setting up PassSync on an AD install.
This account will require a userPassword attribute. We can either set this to the DM password or prompt during an installation.
I'm not sure if this account should be cn=config or whether we should replicate it. Either way we probably need this on every master and replica (no way to tell where someone will attach AD).
*** This bug has been marked as a duplicate of bug 471130 ***