On Thu, Jun 9, 2022 at 8:58 AM Ronald Wimmer via FreeIPA-users <
On 25.04.22 18:21, Ronald Wimmer via FreeIPA-users wrote:
> We managed to use IPA users as AIX users in our environment.
> Preferrably, we would like to use users from an AD group directly what
> does not seem to be possible without SSSD for AIX, right?
> As an alternative it would be great to synchronize users in a specific
> AD group to IPA users. I already have a draft of a python script in mind
> that could do the job.
> Is there any way go synchronize a user's password from AD?
After doing some research I found out that there are some products on
the market which are capable of doing that. So, what's the point here?
What is needed to make that possible?
Could someone with a deeper AD understanding shade a little light into
IdM also provides a synchronization feature (between AD and IdM, please
and more specifically
The synchronization of passwords requires a service to be installed and
configured on AD domain controllers. It cannot sync already existing
passwords (because they are stored in a hashed form) but is able to capture
password addition/changes and synchronize the new password to IdM.
Please note however that the doc states the following:
In some integration scenarios, the user synchronization may be the only
available option, but in general, use of the synchronization approach is
discouraged in favor of the cross-realm trust-based integration
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam on the list, report it: