[389-users] What to do about windows sync when AD entries move out of scope
Mark Reynolds
mareynol at redhat.com
Wed Aug 22 20:18:44 UTC 2012
On 08/22/2012 04:09 PM, Rich Megginson wrote:
> Let's say you have a windows sync agreement
> AD: cn=Users,dc=example,dc=com
> DS: ou=People,dc=example,dc=com
>
> Let's say you also have another user container in AD:
> cn=OtherUsers,dc=example,dc=com
>
> Let's say you have a user in AD in cn=Users in sync with a user in DS
> in ou=People.
>
> What should happen if you move the user in AD from cn=Users to
> cn=OtherUsers? Should DS "disconnect" the entry (i.e. remove the
> ntuser attributes) so the entry is no longer in sync? Should winsync
> do something else?
Is it feasible to "mark" the entry as moved, or place it in some kind
of list, and then use a config option on whether to keep it in sync or not?
>
> Conversely, what should happen if a user is moved from cn=OtherUsers
> to cn=Users? Should DS treat it as adding a new user or "connect" an
> existing user if the userids match?
Depending on whether it is "marked" or not, we would know what to do with it.
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
Mark Reynolds
Senior Software Engineer
Red Hat, Inc
mreynolds at redhat.com