Re: [Freeipa-users] oneWaySync affecting Password sync?

2016-04-29 Thread Andreas Calminder 
Hello,
The goal was that I wanted to just have passwords in sync, leaving attributes 
and what not to windows but mostly to protect from accidental deletes in IPA 
being carried out in the active directory. I've removed the onewaysync 
attribute and worked around it with limiting the permissions for the user 
handling the replication.

Thanks!
Andreas

On 29 Apr 2016 5:49 p.m., Rich Megginson  wrote:
>
> On 04/29/2016 09:44 AM, Rob Crittenden wrote:
> > Andreas Calminder wrote:
> >> Hello,
> >>
> >> I'm running ipa 4.2.0-15.el7 with winsync and wondering if setting
> >> oneWaySync to fromWindows will affect password synchronization from IPA
> >> to AD, I.E password changes from IPA will not be replicated to Windows?
> >>
> >
> > Hmm, interesting question, I'm not sure. What is your goal here? Do 
> > you want to disallow attribute changes in IPA to be replicated but you 
> > DO want passwords, or you don't want anything?
> >
> > ccing Rich to see what he thinks.
>
> AFAIK, there is no way to sync only passwords from IPA to AD.  So if you 
> set oneWaySync: fromWindows, you will not sync password changes from IPA 
> to AD.
>
> >
> > rob
>

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] oneWaySync affecting Password sync?

2016-04-29 Thread Rich Megginson 

On 04/29/2016 09:44 AM, Rob Crittenden wrote:

Andreas Calminder wrote:

Hello,

I'm running ipa 4.2.0-15.el7 with winsync and wondering if setting
oneWaySync to fromWindows will affect password synchronization from IPA
to AD, I.E password changes from IPA will not be replicated to Windows?



Hmm, interesting question, I'm not sure. What is your goal here? Do 
you want to disallow attribute changes in IPA to be replicated but you 
DO want passwords, or you don't want anything?


ccing Rich to see what he thinks.


AFAIK, there is no way to sync only passwords from IPA to AD.  So if you 
set oneWaySync: fromWindows, you will not sync password changes from IPA 
to AD.




rob


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] oneWaySync affecting Password sync?

2016-04-29 Thread Rob Crittenden 

Andreas Calminder wrote:

Hello,

I'm running ipa 4.2.0-15.el7 with winsync and wondering if setting
oneWaySync to fromWindows will affect password synchronization from IPA
to AD, I.E password changes from IPA will not be replicated to Windows?



Hmm, interesting question, I'm not sure. What is your goal here? Do you 
want to disallow attribute changes in IPA to be replicated but you DO 
want passwords, or you don't want anything?


ccing Rich to see what he thinks.

rob

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] oneWaySync affecting Password sync?

2016-04-29 Thread Andreas Calminder 

Hello,

I'm running ipa 4.2.0-15.el7 with winsync and wondering if setting 
oneWaySync to fromWindows will affect password synchronization from IPA 
to AD, I.E password changes from IPA will not be replicated to Windows?


Best regards,

Andreas

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project