[Fedora-directory-users] Re: Windows sync: how do you populate the posixUser attributes?

Rich Megginson rmeggins at redhat.com
Thu Nov 6 20:00:35 UTC 2008


Erling Ringen Elvsrud wrote:
> On Wed, Nov 5, 2008 at 3:24 PM, Rich Megginson <rmeggins at redhat.com> wrote:
> [...]
>   
>> That should work.  But note that posix attributes will not sync to AD.  And
>> even if you did manage to find a posix schema that worked with AD, and added
>> the posix schema on the AD side, those attributes would not be synced to
>> Fedora DS.
>>     
>
> Thanks for your answer.
>
> I start to wonder if Windows sync is worth the trouble. At my site we
> will probably not implement password sync as the AD-side is very
> restrictive about installing anything.
I hear this all the time - AD admins are very touchy about installing 
anything, especially some piece of random open source software that's 
going to intercept clear text passwords and send them who-knows-where.
> So what I get is basically a
> skeleton that I have to populate with the posixUser attributes.
>
> Another issue is groups in AD. I suppose those groups will become
> regular unix-groups on the directory server side,
Yes.  But note - not posix groups (posixGroup) but plain groups 
(groupOfUniqueNames).
> which might not
> be enough for all policing needs (may need netgroups in addition).
>   
Sure.
> We will probably have maximum a few hundred users in the directory, do
> you think Windows-sync is worth the bother?
>   
I suggest you take a look at Penrose 
http://docs.safehaus.org/display/PENROSE/Home
> Erling
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   



