Password Sync Search Scope

Hi,

I have a user directory structure in AD that mimics a typical org chart such that my ou=People directory contains additional ou's as subtrees that represent different departments. I have a Windows sync agreement in FDS set up, and after manually adding the various ou's on the FDS side, all the users sync over properly in all the subtrees.

My problem is with the password sync service for Windows. Upon changing a user's password that has already been replicated to FDS from AD, I see in the access logs a search along these lines:

SRCH base="ou=People,dc=my,dc=domain" scope=1 filter="(ntUserDomainId=myUser)" attrs=ALL

with the result indicating no entries found:

RESULT err=0 tag=101 nentries=0 etime=0

The myUser account is at ou=MyDept,ou=People,dc=my,dc=domain, but the password sync service issues a search request to only search the ou=People directory non-recursively (i.e. scope=1). I don't see any options in either the PassSync.msi setup or in the registry keys to force the service to do a scope=2 recursive search. I tried to use the syntax "ou=People,dc=my,dc=domain?sub", but it doesn't seem to recognize that either. Is there any workaround for this besides synchronizing all of my users to a single directory on FDS?

Thanks,
Brian

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
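
Added example (not part of the original post, and not PassSync or FDS code): a small Python model of LDAP search scopes, showing why the logged scope=1 search under ou=People returns nentries=0 for an entry one level deeper while a scope=2 search finds it. The uid= RDNs, the flatUser entry and the simplified DN parsing (no escaped commas) are assumptions made for illustration.

```python
# Added example: LDAP search scopes as they appear in the access log
# (scope=0 base, scope=1 one-level, scope=2 subtree).
# Assumption: simplified DN parsing, no escaped commas, case-insensitive.

def parse_dn(dn):
    """Split a DN into normalized RDNs, leaf first."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def in_scope(entry_dn, base_dn, scope):
    """Return True if entry_dn is covered by a search at base_dn with scope."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    depth = len(entry) - len(base)          # levels below the search base
    if depth < 0 or entry[depth:] != base:  # entry is not under the base
        return False
    if scope == 0:
        return depth == 0                   # the base entry only
    if scope == 1:
        return depth == 1                   # immediate children only
    if scope == 2:
        return True                         # base and all descendants
    raise ValueError("unknown scope: %r" % scope)

def search(directory, base_dn, scope, attr, value):
    """Equality search, e.g. (ntUserDomainId=myUser), limited by scope."""
    hits = []
    for dn, attrs in directory.items():
        lowered = {k.lower(): v for k, v in attrs.items()}
        if in_scope(dn, base_dn, scope) and lowered.get(attr.lower()) == value:
            hits.append(dn)
    return hits

# Constructed directory mirroring the layout described in the post.
# The uid= RDNs and the flatUser entry are hypothetical.
BASE = "ou=People,dc=my,dc=domain"
DIRECTORY = {
    BASE: {"ou": "People"},
    "ou=MyDept," + BASE: {"ou": "MyDept"},
    "uid=myUser,ou=MyDept," + BASE: {"ntUserDomainId": "myUser"},
    "uid=flatUser," + BASE: {"ntUserDomainId": "flatUser"},
}

if __name__ == "__main__":
    for scope in (1, 2):
        hits = search(DIRECTORY, BASE, scope, "ntUserDomainId", "myUser")
        print("scope=%d nentries=%d %s" % (scope, len(hits), hits))
```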
