Erling Ringen Elvsrud wrote:
On 11/10/08, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
[...]
Could be. The bind user used by windows sync must have read and write
rights to the AD subtree.
If I have for instance,
ou=Linux,ou=delegation,dc=foo, dc=bar, dc=baz in AD
and in the synchronization agreement the
"Windows subtree" value is:
ou=Linux,ou=delegation,dc=foo, dc=bar, dc=baz
I have tried to limit the write-permissions for the binding-user to
only ou=Linux, but that causes synchronization to fail.
In which parts of the AD-tree does the binding-user need write access?
Does it need write access in dc=foo and all siblings?
For read access - see
http://msdn.microsoft.com/en-us/library/ms677626(VS.85).aspx and
http://support.microsoft.com/kb/891995 for more information about how
the DirSync Search works.
For write access - should only need access to ou=Linux
Thanks again,
Erling
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
