Erling Ringen Elvsrud wrote:
> On Wed, Nov 5, 2008 at 3:24 PM, Rich Megginson <rmeggins at redhat.com> wrote:
> [...]
>
>> That should work. But note that posix attributes will not sync to AD. And
>> even if you did manage to find a posix schema that worked with AD, and added
>> the posix schema on the AD side, those attributes would not be synced to
>> Fedora DS.
>>
>
> Thanks for your answer.
>
> I start to wonder if Windows sync is worth the trouble. At my site we
> will probably not implement password sync as the AD-side is very
> restrictive about installing anything.

I hear this all the time - AD admins are very touchy about installing anything, especially some piece of random open source software that's going to intercept clear text passwords and send them who-knows-where.

> So what I get is basically a
> skeleton that I have to populate with the posixUser attributes.
>
> Another issue is groups in AD. I suppose those groups will become
> regular unix-groups on the directory server side,

Yes. But note - not posix groups (posixGroup) but plain groups (groupOfUniqueNames).

> which might not
> be enough for all policing needs (may need netgroups in addition).
>

Sure.

> We will probably have maximum a few hundred users in the directory, do
> you think Windows-sync is worth the bother?
>

I suggest you take a look at Penrose http://docs.safehaus.org/display/PENROSE/Home

> Erling