Alex Davies wrote:
> Hi All,
>
> We have an AD architecture setup, and are looking to sync FDS with
> this to allow us to authenticate Linux machines and network devices.
>
> We have two AD domains, and have a winsync and passsync setup with one
> of the domain controllers in each domain. This works, subject to the
> limitation that we have to manually create each OU. Once we create the
> OU in FDS, the users appear at the next sync. Question 1: is it
> possible to automatically sync *all* OUs, including creating the OU
> in FDS if it does not exist? We have hundreds of OUs, and I don't want
> to have to create them all manually.
>

Not sure. But I suppose it could be scripted if the init AD sync process does not create them.

> Question 2 is on UNIX UID/GID sync from AD. I've found a couple of
> posts which imply that it is not possible to sync UID/GID from AD[1],
>

That is correct.

> but this was some time ago. An alternative piece of documentation
> suggests that it is, but provides no details[2].

It just says that you can have the directory server automatically assign uidNumber and gidNumber. It doesn't say anything about AD sync.

> I'm also struggling
> to find documentation on the libdna plugin, which I believe is
> involved[3].
>

We're working on it.

> My questions are
> - Is it possible to sync UID/GID from AD (where AD has the Unix Tools
> installed, and therefore has these attributes in the schema).
>

No, not yet. We have to add support for the posix schema to our AD sync mechanism. This is on the roadmap.

> - Is it possible to automatically apply a unique UID/GID to each user
> that does not have a UID/GID?
>

Not after the fact. You'll have to write a script to do that.

> Any help/pointers greatly appreciated.
>
> Many thanks,
>
> Alex
>
>
> [1] http://www.redhat.com/archives/fedora-directory-users/2007-February/msg00111.html
> [2] "Fedora DS gets posix/unix automatic uid generation (February 08, 2007)
> The cvs head now contains a new feature for automatic generation of
> sequenced numbers which is compatible with multi-master replication
> environments. This feature can be used for automatic generation of
> posix uidNumber and gidNumber in addition to other sequenced numeric
> attributes required by your deployment. "
> http://directory.fedoraproject.org/
> [3] About the only reference I can find:
> http://www.redhat.com/archives/fedora-directory-users/2008-January/msg00081.html
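
The reply above says that giving existing users a unique UID/GID has to be scripted. One way to do that offline, as an added example that is not part of the original thread or of Fedora DS: read a plain LDIF export, pick unused uidNumber values, and write ldapmodify input. The function names, `UID_START`, `DEFAULT_GID`, the `/home/<uid>` pattern and the sample entries are all assumptions made for illustration.

```python
# Added example, not from the thread; UID_START, DEFAULT_GID, /home/<uid> are assumed.
UID_START, DEFAULT_GID = 10000, 10000

SAMPLE = """\
dn: uid=alice,ou=People,dc=example,dc=com
uid: alice
uidNumber: 10000

dn: uid=bob,ou=People,dc=example,dc=com
uid: bob

dn: uid=dave,ou=People,dc=example,dc=com
uid: dave
uidNumber: 10001
"""  # constructed export; plain LDIF only (no base64 "::" values)

def parse_ldif(text):
    """Return [(dn, {attr_lowercase: [values]})] from plain LDIF (folded lines joined)."""
    entries = []
    for block in text.replace("\n ", "").strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(": ")
            if sep and not line.startswith("#"):
                attrs.setdefault(name.lower(), []).append(value)
        if "dn" in attrs:
            entries.append((attrs.pop("dn")[0], attrs))
    return entries

def assign_ids(entries, start=UID_START):
    """Map each uid-bearing entry lacking uidNumber to a number not already in use."""
    used = {int(v) for _, a in entries for v in a.get("uidnumber", [])}
    plan, candidate = {}, start
    for dn, attrs in entries:
        if "uid" in attrs and "uidnumber" not in attrs:
            while candidate in used:
                candidate += 1
            plan[dn] = candidate
            used.add(candidate)
    return plan

def to_ldif(entries, plan, gid=DEFAULT_GID):
    """Render ldapmodify input; posixAccount requires all of these attributes together."""
    out = []
    for dn, attrs in entries:
        if dn in plan:
            mods = [("objectClass", "posixAccount"), ("uidNumber", plan[dn]),
                    ("gidNumber", gid), ("homeDirectory", "/home/" + attrs["uid"][0])]
            body = "\n-\n".join(f"add: {k}\n{k}: {v}" for k, v in mods)
            out.append(f"dn: {dn}\nchangetype: modify\n{body}\n")
    return "\n".join(out)
```

Numbers already present anywhere in the export are collected before any are handed out, so an existing user further down the file (dave here) is never given a duplicate. Keep the scripted range separate from any range the server later assigns automatically, so the two never issue the same number.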