Red Hat Bugzilla – Bug 869656
Improve information on passsync user in man page, command help
Last modified: 2015-02-14 09:16:47 EST
This bug is created as a clone of upstream ticket:
There is some confusion about the passsync user because our language is very misleading in the command-line help:
--passsync=PASSSYNC Password for the Windows PassSync user
and not much better in the man page:
Password for the Windows PassSync user. Required when using
--winsync. This does not mean you have to use the PassSync service
The passsync user is a special bind user we create for the Windows PassSync service to use to change passwords in IPA. It skips over policy checking because it is assumed that AD has already done this, and by the time we get the password it is too late to reject it. The password is also created as non-expired.
Improved help in tool and man page.
[root@ratchet ~]# man ipa-replica-manage
Password for the IPA system user used by the Windows PassSync plugin to synchronize
passwords. Required when using --winsync. This does not mean you have to use the
[root@ratchet ~]# ipa-replica-manage --help | grep -i passsync
--passsync=PASSSYNC Password for the IPA system user used by the Windows
PassSync plugin to synchronize passwords
Verified in version
[root@ratchet ~]# rpm -qa | grep ipa-server
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.