Re: Windows sync: how do you populate the posixUser attributes?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I'm not very into fedora/redhat direcoty server (DS), but thought I'd just
drop a quick question: It doesn't seems like Windows Sync is intended for
syncing  AD users to DS so that users defined on AD can be allowed to log
into Linux machines. It is possible to get this working, however, through a
series of manual steps. So what is the intended purpose for Windows Sync, if
I might ask, as it seems a lot simpler just to manage everything directly
from DS without syncing with AD?


Regards,
Kenneth Holter


On 11/6/08, Rich Megginson <rmeggins at redhat.com> wrote:
>
> Erling Ringen Elvsrud wrote:
>
>> On Wed, Nov 5, 2008 at 3:24 PM, Rich Megginson <rmeggins at redhat.com>
>> wrote:
>> [...]
>>
>>
>>> That should work.  But note that posix attributes will not sync to AD.
>>>  And
>>> even if you did manage to find a posix schema that worked with AD, and
>>> added
>>> the posix schema on the AD side, those attributes would not be synced to
>>> Fedora DS.
>>>
>>>
>>
>> Thanks for your answer.
>>
>> I start to wonder if Windows sync is worth the trouble. At my site we
>> will probably not implement password sync as the AD-side is very
>> restrictive about installing anything.
>>
> I hear this all the time - AD admins are very touchy about installing
> anything, especially some piece of random open source software that's going
> to intercept clear text passwords and send them who-knows-where
>
>> So what I get is basically a
>> skeleton that I have to populate with the posixUser attributes.
>>
>> Another issue is groups in AD. I suppose those groups will become
>> regular unix-groups on the directory server side,
>>
> Yes.  But note - not posix groups (posixGroup) but plain groups
> (groupOfUniqueNames)
>
>> which might not
>> be enough for all policing needs (may need netgroups in addition).
>>
>>
> Sure.
>
>> We will probably have maximum a few hundred users in the directory, do
>> you think Windows-sync is worth the bother?
>>
>>
> I suggest you take a look at Penrose
> http://docs.safehaus.org/display/PENROSE/Home
>
>> Erling
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20081107/3b5333d9/attachment.html
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux