Bug 471132 - A user that is allowed to sync windows passwords is needed
A user that is allowed to sync windows passwords is needed
Status: CLOSED DUPLICATE of bug 471130
Product: freeIPA
Classification: Community
Component: winsync (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Simo Sorce
Chandrasekar Kannan
Depends On:
Blocks: 453489
  Show dependency treegraph
Reported: 2008-11-11 16:58 EST by Rob Crittenden
Modified: 2015-01-04 18:34 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-11-20 08:54:59 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Rob Crittenden 2008-11-11 16:58:41 EST
Description of problem:

The DS Windows PassSync code need to bind to the IPA DS as a user that has:
- permission to write the userPassword attribute
- can skip password policies so the password doesn't expire on the next use

We should pre-create this user in IPA so it is just a matter of using the right entry when setting up PassSync on an AD install.

This account will require a userPassword attribute. We can either set this to the DM password or prompt during an installation.

I'm not sure if this account should be cn=config or whether we should replicate it. Either way we probably need this on every master and replica (no way to tell where someone will attach AD).
Comment 1 Chandrasekar Kannan 2008-11-20 08:54:59 EST

*** This bug has been marked as a duplicate of bug 471130 ***

Note You need to log in before you can comment on or make changes to this bug.