AD replication with pre-existing groups and user accounts


 



Hi all,
I recently switched from an old Solaris LDAP to 389 Directory Server, version 2.0.15. The Solaris LDAP server also did a synchronization of accounts and groups to Active Directory, so there are already many users and groups existing which I imported to the 389 server.

Concerning the Active Directory synchronization part, I am now struggling a bit. It would probably be cleanest to remove the old AD user and group accounts which have been created from Solaris LDAP such that the 389 DS will create them all anew.
Nevertheless, this attempt led to storage access and login problems for the newly synchronized accounts, as Active Directory assigned new SIDs after the sync and so the storage permissions for home and other data storage shares got broken. No newly synced user was able to access their data any more.
So, this procedure is not really an option, as we cannot reset permissions on all storage servers.

Would it be possible instead to link the 389 DS accounts to the existing accounts in Active Directory which were created from the Solaris LDAP server somehow?
Is there e.g. an attribute in the accounts which can be added to establish a link between 389 and AD accounts? Currently, these existing accounts seem to be simply skipped by the AD sync process.

Any hint on this is highly appreciated!

Thank you and best regards,
  Alex
--
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue



