Hello all:
I've been fiddling around off and on getting a fedora DS box sync'd with our AD server. The problem is, the way the users are arranged on the AD server, I'm not sure how to sync everything at once.
The layout (appropriately anonymized) on the AD server:

- dc=example,dc=com
  |- ou=Groups
  |  |- a bunch of groups
  |
  |- ou=Unit1
  |  |- a bunch of users belonging to one business unit
  |
  |- ou=Unit2
  |  |- more users, different business unit
  |
  |- ou=Users
     |- system users
On the DS side of things, I've manually created the appropriate OUs, but the question is - how do I configure the sync agreement to sync all the OUs at once? It only seems to work if I configure the sync agreement to a subtree including only one of the OUs.
I'm trying to do this without having to convince the AD administrator to change his odd layout of users - any ideas?
Thanks!
Jonas Courteau
Hello:
I was hoping someone, anyone, would have some ideas on this. Is it just expected that you'd only want to sync something like ou=Users,dc=example,dc=com?
Thanks!
Jonas Courteau
On Mon, 2008-10-20 at 15:31 -0700, Jonas Courteau wrote:
Hello all:
I've been fiddling around off and on getting a fedora DS box sync'd with our AD server. The problem is, the way the users are arranged on the AD server, I'm not sure how to sync everything at once.
The layout (appropriately anonymized) on the AD server:
- dc=example,dc=com
  |- ou=Groups
  |  |- a bunch of groups
  |
  |- ou=Unit1
  |  |- a bunch of users belonging to one business unit
  |
  |- ou=Unit2
  |  |- more users, different business unit
  |
  |- ou=Users
     |- system users
On the DS side of things, I've manually created the appropriate OUs, but the question is - how do I configure the sync agreement to sync all the OUs at once? It only seems to work if I configure the sync agreement to a subtree including only one of the OUs.
I'm trying to do this without having to convince the AD administrator to change his odd layout of users - any ideas?
Thanks!
Jonas Courteau
On 10/28/08, Jonas Courteau jonas.courteau@bravenet.com wrote:
Hello:
I was hoping someone, anyone, would have some ideas on this. Is it just expected that you'd only want to sync something like ou=Users,dc=example,dc=com?
According to the Red Hat Directory Server 8.0 Administrator's guide:
"A single Active Directory subtree is synchronized with a single Directory Server Subtree, and vice versa. Unlike replication, which connects databases, synchronization is between suffixes, parts of the directory tree structure."
So you probably have to set up one synchronization agreement for each ou you want to synchronize.
Erling
389-users@lists.fedoraproject.org
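What the one-agreement-per-OU approach suggested above could look like for the ou=Unit1 and ou=Unit2 subtrees. This is an added illustration, not configuration posted in the thread or taken from the Administrator's Guide. The agreement names, the host ad.example.com, the sync bind DN and the password placeholder are constructed, and the entries assume replication is already enabled on dc=example,dc=com so that the cn=replica entry exists.

```ldif
# Added illustration, not from the thread. Constructed placeholders:
# agreement names, ad.example.com, the sync bind DN, the password value.
# Assumes the cn=replica entry for dc=example,dc=com already exists and
# that the DS-side OUs mirror the AD ones, as described in the question.

dn: cn=ad-sync-unit1,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: add
objectClass: top
objectClass: nsDSWindowsReplicationAgreement
cn: ad-sync-unit1
nsDS5ReplicaRoot: dc=example,dc=com
nsDS5ReplicaHost: ad.example.com
nsDS5ReplicaPort: 636
# SSL so the sync account's bind and synced passwords are not sent in clear
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindDN: cn=sync-account,ou=Users,dc=example,dc=com
nsDS5ReplicaCredentials: REPLACE_WITH_SYNC_ACCOUNT_PASSWORD
nsds7WindowsDomain: example.com
# One AD subtree paired with one DS subtree per agreement
nsds7WindowsReplicaSubtree: ou=Unit1,dc=example,dc=com
nsds7DirectoryReplicaSubtree: ou=Unit1,dc=example,dc=com
nsds7NewWinUserSyncEnabled: on

dn: cn=ad-sync-unit2,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: add
objectClass: top
objectClass: nsDSWindowsReplicationAgreement
cn: ad-sync-unit2
nsDS5ReplicaRoot: dc=example,dc=com
nsDS5ReplicaHost: ad.example.com
nsDS5ReplicaPort: 636
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindDN: cn=sync-account,ou=Users,dc=example,dc=com
nsDS5ReplicaCredentials: REPLACE_WITH_SYNC_ACCOUNT_PASSWORD
nsds7WindowsDomain: example.com
nsds7WindowsReplicaSubtree: ou=Unit2,dc=example,dc=com
nsds7DirectoryReplicaSubtree: ou=Unit2,dc=example,dc=com
nsds7NewWinUserSyncEnabled: on
```

Agreements for ou=Users and ou=Groups would repeat the same pattern with their own subtree pair, using nsds7NewWinGroupSyncEnabled for the groups subtree. Keep the file readable only by the administrator who applies it with ldapmodify, since it carries the sync account's password.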