I have a replication setup (389 and AD):
389-Directory/1.3.2.19 B2014.201.1231
We are implementing password police on both side (and password expiration). When the account has expired on AD side (It means that on AD side I have the flag "user must change password" set on an user) , when I try to change password on 389 side, I see the following error:
[03/Jul/2017:10:47:07 -0300] NSMMReplicationPlugin - windows sync - agmt="cn=AD - GTI-DF-DC01" (gti-df-dc01:636): AD entry CN=Teste Marcelo,OU,test,DC=my,DC=domain set "user must change password at next logon".
And the password is not changed on AD side.
I thought that could be something about permission on my replication login, so I made a script in perl to change password directly on my AD, and with this script (using the same login that I uses on my replication) the password is changed.
Can you detail me a little bit better how replication occurs? Or point me why when this flag is set the replication plugin is not be able to change the password on AD side?
My first guess is:
The replication plugin try to bind this user first (to check if the user already has this password) and when receives this error (user must change password), so it does not try to change the password.
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx