Patrick Larkin via FreeIPA-users wrote: > Hello, > > We have a third-party software which needs to change other user's > passwords without requiring the user to choose a new one. It is able to > do this for local users in /etc/passwd, but not for IPA users. To try > to solve this, we've to set up a special account and given it the > following attribute: "passSyncManagersDNs: > uid=$ADMIN,cn=users,cn=accounts,$DC", and that works in combination with > "ldappasswd" and/or "ipa user-mod" commands. However, it seems to work > only when performing the action on an IPA server. Is there a way we > could enable this account to perform the password on an IPA client > systems (not an IPA server)? How might we go about that?
How does it not work on client systems? Are you getting error messages? Both methods end up changing data in LDAP which is then replicated so I don't know why it wouldn't work. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
