[Fedora-directory-users] Errors when a full re-sync is initiated in Windows Sync. Could temp. changes in binding-user rights be the cause?
Rich Megginson
rmeggins at redhat.com
Thu Nov 13 14:45:19 UTC 2008
Erling Ringen Elvsrud wrote:
> On 11/10/08, Rich Megginson <rmeggins at redhat.com> wrote:
> [...]
>
>> Could be. The bind user used by windows sync must have read and write
>> rights to the AD subtree.
>>
>
> If I have for instance,
>
> ou=Linux,ou=delegation,dc=foo, dc=bar, dc=baz in AD
>
> and in the synchronization agreement the
> "Windows subtree" value is:
> ou=Linux,ou=delegation,dc=foo, dc=bar, dc=baz
>
> I have tried to limit the write-permissions for the binding-user to
> only ou=Linux, but that causes synchronization to fail.
>
> In which parts of the AD-tree does the binding-user need write access?
> Does it need write access in dc=foo and all siblings?
>
For read access - see
http://msdn.microsoft.com/en-us/library/ms677626(VS.85).aspx and
http://support.microsoft.com/kb/891995 for more information about how
the DirSync Search works.
For write access - should only need access to ou=Linux
> Thanks again,
>
> Erling
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
More information about the Fedora-directory-users
mailing list