RedHat IDM user to Active Directory

Latest response

Is it possible if we create user in RedHat IDM and sync to Active Directory. if yes then how.

cv
Log in to join the conversation

Responses

cv Community Member 40 points
29 September 2015 2:54 PM

Pleas udpate on it

Christian Horn's picture Red Hat Guru 3593 points
30 September 2015 8:17 AM

Hello,
as per product documentation
"An alternative to a trust-based solution is to leverage user synchronization capability, also available in IdM or Red Hat Directory Server (RHDS), allowing user accounts (and with RHDS also group accounts) to be synchronized from AD to IdM or RHDS."

So the direction for sync is from AD to IdM, not the other way around.
I recommend to open a Red Hat Support case, stating the toplevel requirements and discussing the options with us.

cheers, Chris

Arpit Tolani's picture Red Hat Expert 1083 points
30 September 2015 9:06 AM

IIRC, We can sync users from IPA to AD also.

Setup winsync like this, You need your AD on SSL.

#  ipa-replica-manage connect --winsync  --binddn cn=administrator,cn=users,dc=pnq,dc=redhat,dc=com --bindpw red@123hat --passsync redhat12  --cacert /root/ca.cert  adsys2k8.pnq.redhat.com -v

If you want to sync only from IPA to Windows.

Make sure oneWaySync attribute is specified in the Windows Replication agreement.
dn: cn=meTowin2k81.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
.....
oneWaySync: toWindows

Hope that helps.

cv Community Member 40 points
30 September 2015 10:45 AM

It means if we create any user in RedHat 7.1 IDM can not be synced to Active Directory.

Please correct me if I am wrong.

cv Community Member 40 points
30 September 2015 11:30 AM

ipa-replica-manage connect --winsync --binddn='cn=Administrator,cn=Users,dc=nehru,dc=net' --bindpw=''1234567AA8' --cacert=/root/CA.crt --passsync='redhat' windowsad.nehru.net --win-subtree="dc=nehru,dc=net"

I already used it but it syncs only users from Active Directory to IDM. But if I create user on IDM it does not sync to AD. And I want both way saync. Means user create on IDM sync to AD. And vice versa

cv Community Member 40 points
30 September 2015 12:13 PM

Please update here..

cv Community Member 40 points
30 September 2015 3:36 PM

I am pretty sure it seems there is issue in RedHat IDM documentation, IDM User can not be synced to Active Directory. Only Active Directory user can be synced to IDM.

FJ Red Hat Expert 1059 points
1 October 2015 1:11 AM

Hello Tobey,

As Chris outlined before in his update , So the direction for sync is from AD to IdM, not the other way around.
If you would like more assistance with a specific requirement , please go ahead and open a support ticket with Red Hat technical support.

Frank

cv Community Member 40 points
1 October 2015 3:38 AM

Thank you this is what I want to confirm from you guys. As per your redhat documentation, it is really really very confusing statement and diagram therefore I opend this forum here. And also your some redhat guys says like "Arpit Tolani" that yes we can sync user from IDM to Active Directory.

But thank you very much I am very clear now that we can not sync user which we create on IDM to Active Directory.

ap Red Hat Community Member 20 points
1 October 2015 1:26 PM

Hello Tobey,

We will review the corresponding part of the Windows Integration Guide and update it as necessary. Thank you for bringing this problem to our attention, and I'm sorry if it caused you any trouble.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.