I'm currently flying back from FOSDEM, so please forgive me for a short answer but I
do not recommend you to add unicodepwd storage. That's most likely will not help you
and will only complicate things when we merge the global catalog work we do.
There are still missing parts in FreeIPA and Samba that would have helped to make two way
trust part properly working. Adding unicodepwd is not one of them, for sure.
----- Lucas Diedrich via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org>
wrote:
Rob, can you confirm if this website
https://www.freeipa.org/page/Build is
the default guide for building freeipa ?
Em qui., 30 de jan. de 2020 às 16:34, Rob Crittenden <rcritten(a)redhat.com>
escreveu:
> Lucas Diedrich wrote:
> > Rob, is this what you talking
> > about?
>
https://github.com/freeipa/freeipa/tree/master/daemons/ipa-slapi-plugins ?
>
> Yes, in ipa-pwd-extop. When a password change comes in we grab the
> cleartext and generate the other keys from it so that all the passwords
> in IPA are in sync.
>
> rob
>
> >
> >
> >
> > Em qui., 30 de jan. de 2020 às 15:41, Rob Crittenden
> > <rcritten(a)redhat.com <mailto:rcritten@redhat.com>> escreveu:
> >
> > Lucas Diedrich via FreeIPA-users wrote:
> > > Thanks RC, right now i'm using
lsc-project.org
> > <
http://lsc-project.org> <
http://lsc-project.org>
> > > for that, it has some technical flaws but actually works.
> > >
> > > I thought about migrating all users to AD and use passsync, to
> > replicate
> > > the password but i didn't know that it was closed to redhat
> > > subscription. Also thought about creating the plugin over
> > Directory 389
> > > but the documentation doesn't seem easy to-do.
> > >
> > > Actually i'm strungling to maintain my Freeipa Server with 11k
> userss
> > > as the principal manager over here.
> >
> > You could probably extend the IPA password plugin to write the
> > UnicodePwd attribute in the correct format. There are existing
> examples
> > in the code such as setting the sambaNTPassword attribute.
> >
> > rob
> >
> > >
> > > Thanks.
> > >
> > >
> > >
> > > Em qua., 29 de jan. de 2020 às 15:59, Rob Crittenden
> > > <rcritten(a)redhat.com <mailto:rcritten@redhat.com>
> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>>
escreveu:
> > >
> > > LUCAS GUILHERME DIEDRICH via FreeIPA-users wrote:
> > > > Hello guys, is there any change for storing the password
over
> > > freeipa it generate an password with the unicodepwd format?
> > >
> > > No, it is not supported currently.
> > >
> > > >
> > > > I'm still trying to replicate some users from freeipa to
AD,
> i
> > > would like to mantain my Freeipa as the principal manager for
> > users
> > > and groups.
> > >
> > > How are you replicating IPA users to AD?
> > >
> > > rob
> > >
> > >
> > >
> > > _______________________________________________
> > > FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> > <mailto:freeipa-users@lists.fedorahosted.org>
> > > To unsubscribe send an email to
> > freeipa-users-leave(a)lists.fedorahosted.org
> > <mailto:freeipa-users-leave@lists.fedorahosted.org>
> > > Fedora Code of Conduct:
> >
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > > List Guidelines:
> >
https://fedoraproject.org/wiki/Mailing_list_guidelines
> > > List Archives:
> >
>
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> > >
> >
>
>