users in the ad are most of the time organized in ou's because of gpo's that should applie to that user

so "distributed" users are common.

do I really have to keep the groups manually in sync?

cheers

christian

Gesendet: Sonntag, 25. Mai 2014 um 22:52 Uhr
Von: "DuWayne Holsbeck" <drh@niptron.com>
An: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>, "Christian Zimmermann" <chris612@gmx.de>
Betreff: Re: [389-users] winsync - group membership and different ou's

that's what I found, I synced the DS to the AD root suffix and everything seems to work fine. As long as AD and DS users and groups use the same OU structure. Users and Groups on DS and AD are in the same OUs. Your milage may very.

On May 25, 2014 3:08:42 PM CDT, Christian Zimmermann <chris612@gmx.de> wrote:

HI everybody,

I'm using 389 with our AD (2k8) to sync users and groups.

Basically everything works, except the group membership of users that are not

in the same OU as the group.

Memberships of users that are in test_ou01 will not getting synced if the group is in test_ou02.

The Membership gets synced if the user and the group he belongs to are in the same ou.

Is this a limitation of the winsync agreement or am I missing something?

cheers

christian
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.