2008/5/1 Alex Davies <alex(a)davz.net>:
Hi All,
We have an AD architecture setup, and are looking to sync FDS with
this to allow us to authenticate Linux machines and network devices.
We have two AD domains, and have a winsync and passsync setup with one
of the domain controllers in each domain. This works, subject to the
limitation that we have to manually create each OU. Once we create the
OU in FDS, the users appear at the next sync. Question 1: is it
possible to automatically sync *all* OUs, including creating the OU
in FDS if it does not exist? We have hundreds of OUs, and I don't want
to have to create them all manually.
For the record, maybe you can use my Perl scripts for that.
First, to search for all OUs automatically in an MS ADS:
http://wilmer.fedorapeople.org/scripts/ouSearch.pl
Question 2 is on UNIX UID/GID sync from AD. I've found a couple of
posts which imply that it is not possible to sync UID/GID from AD[1],
but this was some time ago. An alternative piece of documentation
suggests that it is, but provides no details[2]. I'm also struggling
to find documentation on the libdna plugin, which I believe is
involved[3].
My questions are
- Is it possible to sync UID/GID from AD (where AD has the Unix Tools
installed, and therefore has these attributes in the schema).
- Is it possible to automatically apply a unique UID/GID to each user
that does not have a UID/GID?
Once the list of OUs is imported, the users can be imported into FDS and
uid/gid created automatically with:
http://wilmer.fedorapeople.org/scripts/ads2fds.pl
--
Wilmer Jaramillo M.
GPG Key Fingerprint = 0666 D0D3 24CE 8935 9C24 BBF1 87DD BEA2 A4B2 1E8A
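
An added example, not part of the original message and not the linked Perl scripts (their contents are not shown here): one way to turn a list of AD OU DNs into LDIF that pre-creates the missing OUs in FDS, parents before children. The suffixes, sample DNs and function names are assumptions made for illustration.

```python
import base64
import re

# Constructed sample: OU DNs as an AD search for
# (objectClass=organizationalUnit) might return them, in no particular order.
SAMPLE_AD_OUS = [
    "OU=Engineers,OU=Staff,DC=corp,DC=example,DC=com",
    "OU=Staff,DC=corp,DC=example,DC=com",
    r"OU=Sales\, EMEA,OU=Staff,DC=corp,DC=example,DC=com",
]

def split_dn(dn):
    """Split a DN into RDNs, honouring backslash-escaped commas."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" and i + 1 < len(dn) else 1
        if dn[i] == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i:i + step]
        i += step
    return parts + [cur]

def ldif_line(attr, value):
    """Emit 'attr: value', or base64 ('attr:: ...') when LDIF requires it."""
    plain = all(32 <= ord(c) < 127 for c in value) and value == value.strip()
    if plain and not value.startswith((":", "<")):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode()}"

def ous_to_ldif(ad_dns, ad_suffix, fds_suffix, existing=()):
    """LDIF that creates each AD OU under fds_suffix, parents before children."""
    suffix = [r.lower() for r in split_dn(ad_suffix)]
    seen, todo = {d.lower() for d in existing}, []
    for dn in ad_dns:
        rdns = split_dn(dn)
        rel = rdns[:max(len(rdns) - len(suffix), 0)]
        new_dn = ",".join(rel + [fds_suffix])
        if (not rel or [r.lower() for r in rdns[len(rel):]] != suffix
                or not rel[0].lower().startswith("ou=") or new_dn.lower() in seen):
            continue  # outside the synced subtree, not an OU, or already present
        seen.add(new_dn.lower())
        # The ou attribute carries the unescaped RDN value (e.g. "\," becomes ",").
        todo.append((len(rel), new_dn, re.sub(r"\\(.)", r"\1", rel[0][3:])))
    return "\n\n".join("\n".join([ldif_line("dn", dn), "objectClass: top",
                       "objectClass: organizationalUnit", ldif_line("ou", ou)])
                       for _, dn, ou in sorted(todo))
```

The returned LDIF can be loaded with `ldapmodify -a` before the next sync; passing the DNs already present in FDS as `existing` keeps the output limited to OUs that still need creating.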