[Fedora-directory-users] FDS <-> AD: UID/GID and OU sync

Rich Megginson rmeggins at redhat.com
Wed Apr 30 14:27:58 UTC 2008


Alex Davies wrote:
> Hi All,
>
> We have an AD architecture setup, and are looking to sync FDS with
> this to allow us to authenticate Linux machines and network devices.
>
> We have two AD domains, and have a winsync and passsync setup with one
> of the domain controllers in each domain. This works, subject to the
> limitation that we have to manually create each OU. Once we create the
> OU in FDS, the users appear at the next sync. Question 1: is it
> possible to automatically sync *all* OUs, including creating the OU
> in FDS if it does not exist? We have hundreds of OUs, and I don't want
> to have to create them all manually.
>   
Not sure.  But I suppose it could be scripted if the init AD sync 
process does not create them.
> Question 2 is on UNIX UID/GID sync from AD. I've found a couple of
> posts which imply that it is not possible to sync UID/GID from AD[1],
>   
That is correct.
> but this was some time ago. An alternative piece of documentation
> suggests that it is, but provides no details[2].
It just says that you can have the directory server automatically assign 
uidNumber and gidNumber.  It doesn't say anything about AD sync.
> I'm also struggling
> to find documentation on the libdna plugin, which I believe is
> involved[3].
>   
We're working on it.
> My questions are
> - Is it possible to sync UID/GID from AD (where AD has the Unix Tools
> installed, and therefore has these attributes in the schema).
>   
No, not yet.  We have to add support for the posix schema to our AD sync 
mechanism.  This is on the roadmap.
> - Is it possible to automatically apply a unique UID/GID to each user
> that does not have a UID/GID?
>   
Not after the fact.  You'll have to write a script to do that.
> Any help/pointers greatly appreciated.
>
> Many thanks,
>
> Alex
>
>
> [1] http://www.redhat.com/archives/fedora-directory-users/2007-February/msg00111.html
> [2] "Fedora DS gets posix/unix automatic uid generation (February 08, 2007)
> The cvs head now contains a new feature for automatic generation of
> sequenced numbers which is compatible with multi-master replication
> environments. This feature can be used for automatic generation of
> posix uidNumber and gidNumber in addition to other sequenced numeric
> attributes required by your deployment. "
> http://directory.fedoraproject.org/
> [3] About the only reference I can find:
> http://www.redhat.com/archives/fedora-directory-users/2008-January/msg00081.html
>
>   
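
The reply above says that assigning a unique UID/GID to existing users needs a script. The following is an added example of one way to do it, not code from the thread or from the Fedora DS project: it reads an LDIF export, skips numbers already in use, and emits `ldapmodify` input. The sample entries, the starting number 10000, the shared primary group 10000 and the `/home/<uid>` layout are assumptions.

```python
import re

# Constructed sample: `ldapsearch ... uid uidNumber` style output (no folding, no base64).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
uid: alice
uidNumber: 10001

dn: uid=bob,ou=People,dc=example,dc=com
uid: bob

dn: uid=carol,ou=People,dc=example,dc=com
uid: carol
"""

def parse_entries(ldif):
    """Return one {lowercased attr: [values]} dict per blank-line-separated entry."""
    entries = []
    for block in re.split(r"\n\s*\n", ldif.strip()):
        entry = {}
        for attr, _, value in (ln.partition(": ") for ln in block.splitlines()):
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def assign_ids(entries, first_id=10000, gid=10000):
    """Give each entry lacking uidNumber the lowest unused number >= first_id."""
    used = {int(v) for e in entries for v in e.get("uidnumber", [])}
    next_id, assigned = first_id, []
    for e in (e for e in entries if "uidnumber" not in e):
        uid = e["uid"][0]
        # uid becomes part of homeDirectory, so refuse anything path-like.
        if not re.fullmatch(r"[a-z_][a-z0-9_-]*", uid):
            raise ValueError(f"unsafe uid {uid!r} in {e['dn'][0]}")
        while next_id in used:
            next_id += 1
        used.add(next_id)
        assigned.append((e["dn"][0], uid, next_id, gid))
    return assigned

def to_ldif(assigned):
    """Render ldapmodify input adding posixAccount plus its required attributes."""
    tmpl = ("dn: {0}\nchangetype: modify\nadd: objectClass\nobjectClass: posixAccount\n"
            "-\nadd: uidNumber\nuidNumber: {2}\n-\nadd: gidNumber\ngidNumber: {3}\n"
            "-\nadd: homeDirectory\nhomeDirectory: /home/{1}\n")
    return "\n".join(tmpl.format(*a) for a in assigned)

if __name__ == "__main__":
    print(to_ldif(assign_ids(parse_entries(SAMPLE_LDIF))))
```

The uniqueness check only covers the entries in the export, so take the export from, and apply the result to, a single server; nothing here coordinates number ranges between masters.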
