[389-users] (no subject)

Theodotos Andreou theodotos.andreou at cut.ac.cy
Thu Feb 11 07:14:56 UTC 2010


Guys, I've seen this warning in the 8.1 Administration Guide:

WARNING
There can only be a single sync agreement between the Directory Server
environment and the Active Directory environment. Multiple sync
agreements to the same Active Directory domain can create entry
conflicts. 

Ref:
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Windows_Sync.html

In my scenario I have many OUs under the AD synchronized subtree, e.g.
ou=dep1,dc=example,dc=com, ou=dep2,dc=example,dc=com, etc. I tried to
synchronize the whole subtree dc=example,dc=com to the respective tree
on DS but this fails due to schema incompatibilities. So I created one
sync agreement per OU and it seems to be working as expected in my test
environment. What is that warning above all about? What could possibly
go wrong if you use multiple sync agreements? How can there be entry
conflicts if each synchronized subtree is different from the other?

Another issue I have is that when users are disabled on the AD they are
still active on the DS. An obvious workaround is to change the password
of the disabled user so he cannot use his account on AD but it would be
nice if there is a solution to avoid this. Any ideas?




