On 11/10/08, Rich Megginson <rmeggins@xxxxxxxxxx> wrote: [...] > Could be. The bind user used by windows sync must have read and write > rights to the AD subtree. If I have for instance, ou=Linux,ou=delegation,dc=foo, dc=bar, dc=baz in AD and in the synchronization agreement the "Windows subtree" value is: ou=Linux,ou=delegation,dc=foo, dc=bar, dc=baz I have tried to limit the write-permissions for the binding-user to only ou=Linux, but that causes synchronization to fail. In which parts of the AD-tree does the binding-user need write access? Does it need write access in dc=foo and all siblings? Thanks again, Erling -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
