Hi,
On Thu, Jun 9, 2022 at 8:58 AM Ronald Wimmer via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
On 25.04.22 18:21, Ronald Wimmer via FreeIPA-users wrote:
> We managed to use IPA users as AIX users in our environment.
> Preferably, we would like to use users from an AD group directly, which
> does not seem to be possible without SSSD for AIX, right?
>
> As an alternative it would be great to synchronize users in a specific
> AD group to IPA users. I already have a draft of a Python script in mind
> that could do the job.
>
> Is there any way to synchronize a user's password from AD?
After doing some research I found out that there are some products on
the market which are capable of doing that. So, what's the point here?
What is needed to make that possible?
Could someone with a deeper AD understanding shed a little light on
this matter?
IdM also provides a synchronization feature (between AD and IdM, please
refer to
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
and more specifically
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
).
The synchronization of passwords requires a service to be installed and
configured on AD domain controllers. It cannot sync already existing
passwords (because they are stored in a hashed form) but is able to capture
password addition/changes and synchronize the new password to IdM.
Please note however that the doc states the following:
"In some integration scenarios, the user synchronization may be the only
available option, but in general, use of the synchronization approach is
discouraged in favor of the cross-realm trust-based integration."
HTH,
flo
Cheers,
Ronald