Guys, I've seen this warning in the 8.1 Administration Guide:

WARNING
There can only be a single sync agreement between the Directory Server environment and the Active Directory environment. Multiple sync agreements to the same Active Directory domain can create entry conflicts.

Ref: http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Windows_Sync.html

In my scenario I have many OUs under the AD synchronized subtree, e.g. ou=dep1,dc=example,dc=com, ou=dep2,dc=example,dc=com, etc. I tried to synchronize the whole subtree dc=example,dc=com to the respective tree on DS, but this fails due to schema incompatibilities. So I created one sync agreement per OU, and it seems to be working as expected in my test environment.

What is that warning above all about? What could possibly go wrong if you use multiple sync agreements? How can there be entry conflicts if each synchronized subtree is different from the other?

Another issue I have is that when users are disabled on the AD, they are still active on the DS. An obvious workaround is to change the password of the disabled user so he cannot use his account on AD, but it would be nice if there is a solution to avoid this. Any ideas?

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users