Kenneth Holter wrote: > > The IPA documentation states that it ships with (Fedora/Red Hat) > Directory Server. Won't we get the same sync issues with (free/Red > Hat) IPA as with Directory Server alone? No. IPA winsync (coming Real Soon Now) extends regular DS windows sync in a couple of ways: * AD users synced over to IPA will get the full kerberos and posix (and other) schema, including a uidNumber automatically assigned. * If a user is disabled in AD, that user will be disabled in IPA, and vice versa * There is the ability to force sync - if there is an already existing IPA user with the same user id (uid attribute) as an already existing AD user (samAccountName attribute) they will be automatically synced - you do not have to manually add the ntUser objectclass and ntUserDomainID attribute with the samAccountName value to the IPA entry > > And is there a link between IPA and Penrose? > > > On 11/10/08, *Rich Megginson* <rmeggins at redhat.com > <mailto:rmeggins at redhat.com>> wrote: > > > freeIPA will soon have support for automatic creation of AD user > accounts in IPA, including all of the posix and kerberos > attributes needed for OS login. See freeipa.org <http://freeipa.org/> > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
