Kenneth Holter wrote:
The IPA documentation states that it ships with (Fedora/Red Hat)
Directory Server. Won't we get the same sync issues with (free/Red
Hat) IPA as with Directory Server alone?
No. IPA winsync (coming Real Soon Now) extends regular DS windows sync
in a couple of ways:
* AD users synced over to IPA will get the full kerberos and posix (and
other) schema, including a uidNumber automatically assigned.
* If a user is disabled in AD, that user will be disabled in IPA, and
vice versa
* There is the ability to force sync - if there is an already existing
IPA user with the same user id (uid attribute) as an already existing AD
user (samAccountName attribute) they will be automatically synced - you
do not have to manually add the ntUser objectclass and ntUserDomainID
attribute with the samAccountName value to the IPA entry
And is there a link between IPA and Penrose?
On 11/10/08, *Rich Megginson* <rmeggins@xxxxxxxxxx
<mailto:rmeggins@xxxxxxxxxx>> wrote:
freeIPA will soon have support for automatic creation of AD user
accounts in IPA, including all of the posix and kerberos
attributes needed for OS login. See freeipa.org <http://freeipa.org/>
------------------------------------------------------------------------
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
