[389-users] What to do about windows sync when AD entries move out of scope
Rich Megginson
rmeggins at redhat.com
Wed Aug 22 20:09:58 UTC 2012
Let's say you have a windows sync agreement
AD: cn=Users,dc=example,dc=com
DS: ou=People,dc=example,dc=com
Let's say you also have another user container in AD:
cn=OtherUsers,dc=example,dc=com
Let's say you have a user in AD in cn=Users in sync with a user in DS in
ou=People.
What should happen if you move the user in AD from cn=Users to
cn=OtherUsers? Should DS "disconnect" the entry (i.e. remote the ntuser
attributes) so the entry is no longer in sync? Should winsync do
something else?
Conversely, what should happen if a user is moved from cn=OtherUsers to
cn=Users? Should DS treat it as adding a new user or "connect" an
existing user if the userids match?
More information about the 389-users
mailing list