On Wed, Nov 5, 2008 at 3:24 PM, Rich Megginson <rmeggins at redhat.com> wrote: [...] > That should work. But note that posix attributes will not sync to AD. And > even if you did manage to find a posix schema that worked with AD, and added > the posix schema on the AD side, those attributes would not be synced to > Fedora DS. Thanks for your answer. I start to wonder if Windows sync is worth the trouble. At my site we will probably not implement password sync as the AD-side is very restrictive about installing anything. So what I get is basically a skeleton that I have to populate with the posixUser attributes. Another issue is groups in AD. I suppose those groups will become regular unix-groups on the directory server side, which might not be enough for all policing needs (may need netgroups in addition). We will probably have maximum a few hundred users in the directory, do you think Windows-sync is worth the bother? Erling
