2008/5/1 Alex Davies <alex at davz.net>:
> Hi All,
>
> We have an AD architecture setup, and are looking to sync FDS with
> this to allow us to authenticate Linux machines and network devices.
>
> We have two AD domains, and have a winsync and passsync setup with one
> of the domain controllers in each domain. This works, subject to the
> limitation that we have to manually create each OU. Once we create the
> OU in FDS, the users appear at the next sync. Question 1: is it
> possible to automatically sync *all* OUs, including creating the OU
> in FDS if it does not exist? We have hundreds of OUs, and I don't want
> to have to create them all manually.

For the record, maybe you can use my Perl scripts for that. First, to
search all OUs automatically in an MS ADS:

http://wilmer.fedorapeople.org/scripts/ouSearch.pl

> Question 2 is on UNIX UID/GID sync from AD. I've found a couple of
> posts which imply that it is not possible to sync UID/GID from AD[1],
> but this was some time ago. An alternative piece of documentation
> suggests that it is, but provides no details[2]. I'm also struggling
> to find documentation on the libdna plugin, which I believe is
> involved[3].
> My questions are
> - Is it possible to sync UID/GID from AD (where AD has the Unix Tools
> installed, and therefore has these attributes in the schema).
> - Is it possible to automatically apply a unique UID/GID to each user
> that does not have a UID/GID?

Once the list of OUs is imported, the users can be imported into FDS
and uid/gid created automatically with:

http://wilmer.fedorapeople.org/scripts/ads2fds.pl

-- 
Wilmer Jaramillo M.
GPG Key Fingerprint = 0666 D0D3 24CE 8935 9C24 BBF1 87DD BEA2 A4B2 1E8A