Re: [389-users] Using Active Directory's SUA/SFU extensions in a Directory Server <==> AD setup

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Kenneth Holter wrote:
> I see. Thanks for the response.
>  
> Do you know if it's possible to make use of the AD groups that are 
> synced over to RHDS directly though, disregarding posix attributes 
> that are not synced over? I mean, is it possible to get nss_ldap to 
> work with the groups synced over from AD, without having to "convert" 
> the groups to posix groups first?
I don't know.  Anyone?
>  
>  
> - Kenneth
>
> On Thu, Jan 14, 2010 at 4:46 PM, Rich Megginson <rmeggins@xxxxxxxxxx 
> <mailto:rmeggins@xxxxxxxxxx>> wrote:
>
>     Kenneth Holter wrote:
>     > Hi.
>     >
>     >
>     > We wish to sync our Red Hat Directory Server (RHDS) with Active
>     > Directory (AD), and would like our linux boxes to make use the
>     groups
>     > defined on AD. Our current plan have been to recreate the AD
>     groups as
>     > netgroups on the RHDS side, but recently I've been told that it is
>     > possible use the AD groups directly - only modifications necessary
>     > would be to set some attribute mappings in the nss_ldap module, and
>     > enable/configure the Subsystem for UNIX-based Applications (SUA) on
>     > the AD side.
>     >
>     > Has anyone here implemented this setup?
>     >
>     > Is is so that SUA is simply a schema extension to hold unix
>     > attributes, so essentially what happens when enabling SUA is
>     that one
>     > on the AD side is able to define posix attributes, which in turn is
>     > synced over to RHDS by the Windows Sync plugin?
>     389 Windows sync will not sync posix attributes at all, in either
>     direction, regardless of whether SUA/SFU is used.
>     >
>     >
>     > Best regards,
>     > Kenneth Holter
>     >
>     ------------------------------------------------------------------------
>     >
>     > --
>     > 389 users mailing list
>     > 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>     <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>     > https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>     --
>     389 users mailing list
>     389-users@xxxxxxxxxxxxxxxxxxxxxxx
>     <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>     https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux