On 9/5/19 5:16 AM, DaV wrote:
> Hi guys,
> How can I sync account state from Windows AD to 389ds?
> 1. account disabled
> 2. account lockout
> 3. password expired
> I want to sync these attributes from Windows AD to 389ds, would you
> please tell me? Thanks in advance.

Well, according to the docs, password policy is managed locally by each
server. There is no synchronization of password policy state:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10...

What it says to do is try as best you can to configure both AD's and
389's password policies to be the same: password expiration time, etc.
Then they should be enforced correctly on each system.

For account enabled/disabled, it looks like if you just enable the posix
winsync plugin it will sync some of the account disabled/enabled state
by default:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10...

I've never set this up, so I don't know if it will work, but give it a try.

Mark

> Sincerely,
> --
> DaV
> _______________________________________________
> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
--
389 Directory Server Development Team