On 07/03/2012 10:49 AM, Rich Megginson wrote:
On 07/03/2012 10:45 AM, Orion Poplawski wrote:
We are looking to sync our groups between our ldap server and an AD server.
Our LDAP server also serves a samba domain for one of our offices. As a
result we have Domain Admins and Domain Computers groups for the samba
domain that we don't want to conflict with the AD groups of the same names.
So it seems like we should move the samba domain groups into a different
part of the tree. But we would still want to have a common shared group
area that is visible by all. Any suggestions as to how to achieve this?
Unless AD stores these groups in a different place in the tree, not in the
scope of other groups, I don't think it is possible with 389. Please file a
ticket.
Is there some way to make a specific subtree (e.g.
ou=cora,ou=Groups,dc=nwra,dc=com) consistent of entries in that sub-tree plus
entries (but not sub-trees) in the parent node (ou=Groups,dc=nwra,dc=com)?
That was the different domains could point to their specific sub-tree for
private entries but still share some. I guess the common directory doesn't
need to be the parent, which might make it easier.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder Office FAX: 303-415-9702
3380 Mitchell Lane orion@xxxxxxxx
Boulder, CO 80301 http://www.nwra.com
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
