Erling Ringen Elvsrud wrote:
On Wed, Nov 5, 2008 at 3:24 PM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
[...]
That should work. But note that posix attributes will not sync to AD. And
even if you did manage to find a posix schema that worked with AD, and added
the posix schema on the AD side, those attributes would not be synced to
Fedora DS.
Thanks for your answer.
I start to wonder if Windows sync is worth the trouble. At my site we
will probably not implement password sync as the AD-side is very
restrictive about installing anything.
I hear this all the time - AD admins are very touchy about installing
anything, especially some piece of random open source software that's
going to intercept clear text passwords and send them who-knows-where
So what I get is basically a
skeleton that I have to populate with the posixUser attributes.
Another issue is groups in AD. I suppose those groups will become
regular unix-groups on the directory server side,
Yes. But note - not posix groups (posixGroup) but plain groups
(groupOfUniqueNames)
which might not
be enough for all policing needs (may need netgroups in addition).
Sure.
We will probably have maximum a few hundred users in the directory, do
you think Windows-sync is worth the bother?
I suggest you take a look at Penrose
http://docs.safehaus.org/display/PENROSE/Home
Erling
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
