Patrick Larkin via FreeIPA-users wrote:
Hello,
We have a third-party software which needs to change other user's
passwords without requiring the user to choose a new one. It is able to
do this for local users in /etc/passwd, but not for IPA users. To try
to solve this, we've to set up a special account and given it the
following attribute: "passSyncManagersDNs:
uid=$ADMIN,cn=users,cn=accounts,$DC", and that works in combination with
"ldappasswd" and/or "ipa user-mod" commands. However, it seems to
work
only when performing the action on an IPA server. Is there a way we
could enable this account to perform the password on an IPA client
systems (not an IPA server)? How might we go about that?
How does it not work on client systems? Are you getting error messages?
Both methods end up changing data in LDAP which is then replicated so I
don't know why it wouldn't work.
rob