[Freeipa-users] Limit password synchronization from Active Directory
Rich Megginson
rmeggins at redhat.com
Tue Jul 16 20:00:26 UTC 2013
On 07/16/2013 01:48 PM, Tovey, Mark wrote:
>
> Is there a way to limit what user accounts are synchronized from
> Active Directory? There are around 15,000 entries in our production
> AD system, but probably only about 300 of those need to have an
> account in the IPA system. Can we set an attribute in the user
> information in AD that would flag that this is a candidate for
> replication, and lack of that attribute would cause an account to be
> skipped?
>
No. The only thing you can do is create a special container (cn=IPA
users or ou=IPA users or something like that), move the users you want
to sync into that container, and sync only that container.
> Thanks,
>
> -Mark
>
> **
>
> *________________________________________________________________*
>
> *Mark Tovey - UNIX Engineer | Service Strategy & Design*
>
> UTi <http://www.go2uti.com/> | 400 SW Sixth Ave, Suite 1100 | Portland
> | Oregon | 97204 | USA
>
> MTovey at go2uti.com <mailto:MTovey at go2uti.com> | O / C +1 503 953-1389 |
> Skype: mark.tovey2
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130716/b121decf/attachment.htm>
More information about the Freeipa-users
mailing list