[389-users] (no subject)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Guys I' ve seen this warning on the 8.1 Administration Guide:

WARNING
There can only be a single sync agreement between the Directory Server
environment and the Active Directory environment. Multiple sync
agreements to the same Active Directory domain can create entry
conflicts. 

Ref:
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Windows_Sync.html

In my scenario I have many OUs under the AD synchronized subtree eg
ou=dep1,dc=example,dc=com , ou=dep2,dc=example,dc=com , etc. I tried to
synchronize the whole subtree dc=example,dc=com to the respective tree
on DS but this fails due to schema incompatibilities. So I created one
sync agreement per OU and it seems to be working as expected in my test
environment. What that warning above is all about? What could possibly
go wrong if you use multiple sync agreements. How can there be entry
conflicts if each synchronized subtree is different from the other?

Another issue I have is that when users are disabled on the AD they are
still active on the DS. An obvious workaround is to change the password
of the disabled user so he can not use his account on AD but it would be
nice if their is a solution to avoid this. Any ideas?


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux