Emmanuel BILLOT wrote:
Rich Megginson a écrit :We're currently investigating the group sync feature of Windows Sync, and we wanted to know how it is deployed. Do you sync groups? What types of groups? Security or Distribution? Global or Local? Do the groups have "meaning" in both AD and Fedora DS, or only in one side?Hi,We are very interested in Windows Sync. We want to share as database between AD ans Fedora DS, because both have qualities in our environnement. AD is used for domain management (client computers) and file sharing (NTFS), indeed AD basic work. We also need a "real LDAP" (RFC compliant, opensource, easy to modify structure, etc...) for compatibility with the OpenSource environment, authentification and directory.Fedora/RedHat directory seems to be the best way for use with windows sync. Howerver, this functionnality is quite difficult to configure (essentially for password) and field matching between AD and FDS should be more opened. I mean Windows Sync should be perfect is thoses additionnal function were implemented : * choose matching between AD and FDS fileds (eq mail with kerberos login, sn and givenname with MS specific ones) * sync sub trees with much more precision (eq sync ou=users,ou=microsoft,dc=europe,dc=priv with ou=people,dc=microsoft,dc=example,dc=fr)For group sync we should use security groups, with global type. In fact, windows groups are used for file rights management and security, like posix group in unix, and for global authorization like roles.
So in AD, you use Security Groups, and you use them for access control.
No. Windows Sync is only for the bare minimum user/group/password sync. If you need to do more than that, I suggest you look at Penrose Virtual Directory - http://docs.safehaus.org/display/PENROSE/Homeis Windows sync going to be enhanced ?
br,------------------------------------------------------------------------ -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
<<attachment: smime.p7s>>
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
