Using Active Directory's SUA/SFU extensions in a Directory Server <==> AD setup

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Kenneth Holter wrote:
> I see. Thanks for the response.
>  
> Do you know if it's possible to make use of the AD groups that are 
> synced over to RHDS directly though, disregarding posix attributes 
> that are not synced over? I mean, is it possible to get nss_ldap to 
> work with the groups synced over from AD, without having to "convert" 
> the groups to posix groups first?
I don't know.  Anyone?
>  
>  
> - Kenneth
>
> On Thu, Jan 14, 2010 at 4:46 PM, Rich Megginson <rmeggins at redhat.com 
> <mailto:rmeggins at redhat.com>> wrote:
>
>     Kenneth Holter wrote:
>     > Hi.
>     >
>     >
>     > We wish to sync our Red Hat Directory Server (RHDS) with Active
>     > Directory (AD), and would like our linux boxes to make use the
>     groups
>     > defined on AD. Our current plan have been to recreate the AD
>     groups as
>     > netgroups on the RHDS side, but recently I've been told that it is
>     > possible use the AD groups directly - only modifications necessary
>     > would be to set some attribute mappings in the nss_ldap module, and
>     > enable/configure the Subsystem for UNIX-based Applications (SUA) on
>     > the AD side.
>     >
>     > Has anyone here implemented this setup?
>     >
>     > Is is so that SUA is simply a schema extension to hold unix
>     > attributes, so essentially what happens when enabling SUA is
>     that one
>     > on the AD side is able to define posix attributes, which in turn is
>     > synced over to RHDS by the Windows Sync plugin?
>     389 Windows sync will not sync posix attributes at all, in either
>     direction, regardless of whether SUA/SFU is used.
>     >
>     >
>     > Best regards,
>     > Kenneth Holter
>     >
>     ------------------------------------------------------------------------
>     >
>     > --
>     > 389 users mailing list
>     > 389-users at lists.fedoraproject.org
>     <mailto:389-users at lists.fedoraproject.org>
>     > https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>     --
>     389 users mailing list
>     389-users at lists.fedoraproject.org
>     <mailto:389-users at lists.fedoraproject.org>
>     https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux