[389-users] Syncing AD groups and multiple (samba) domains

Orion Poplawski orion at cora.nwra.com
Thu Jul 5 21:52:52 UTC 2012


On 07/03/2012 10:49 AM, Rich Megginson wrote:
> On 07/03/2012 10:45 AM, Orion Poplawski wrote:
>> We are looking to sync our groups between our ldap server and an AD server.
>> Our LDAP server also serves a samba domain for one of our offices.  As a
>> result we have Domain Admins and Domain Computers groups for the samba
>> domain that we don't want to conflict with the AD groups of the same names.
>>
>> So it seems like we should move the samba domain groups into a different
>> part of the tree.  But we would still want to have a common shared group
>> area that is visible by all.  Any suggestions as to how to achieve this?
>
> Unless AD stores these groups in a different place in the tree, not in the
> scope of other groups, I don't think it is possible with 389. Please file a
> ticket.
>

Is there some way to make a specific subtree (e.g.
ou=cora,ou=Groups,dc=nwra,dc=com) consist of entries in that sub-tree plus
entries (but not sub-trees) in the parent node (ou=Groups,dc=nwra,dc=com)?

That way the different domains could point to their specific sub-tree for
private entries but still share some.  I guess the common directory doesn't
need to be the parent, which might make it easier.

-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder Office                  FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                   http://www.nwra.com


--
389 users mailing list
389-users at lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users


