[Fedora-directory-users] Re: Windows sync: how do you populate the posixUser attributes?
Rich Megginson
rmeggins at redhat.com
Thu Nov 13 15:26:00 UTC 2008
Kenneth Holter wrote:
>
> The IPA documentation states that it ships with (Fedora/Red Hat)
> Directory Server. Won't we get the same sync issues with (free/Red
> Hat) IPA as with Directory Server alone?
No. IPA winsync (coming Real Soon Now) extends regular DS windows sync
in a couple of ways:
* AD users synced over to IPA will get the full kerberos and posix (and
other) schema, including a uidNumber automatically assigned.
* If a user is disabled in AD, that user will be disabled in IPA, and
vice versa
* There is the ability to force sync - if there is an already existing
IPA user with the same user id (uid attribute) as an already existing AD
user (samAccountName attribute) they will be automatically synced - you
do not have to manually add the ntUser objectclass and ntUserDomainID
attribute with the samAccountName value to the IPA entry
>
> And is there a link between IPA and Penrose?
>
>
> On 11/10/08, *Rich Megginson* <rmeggins at redhat.com
> <mailto:rmeggins at redhat.com>> wrote:
>
>
> freeIPA will soon have support for automatic creation of AD user
> accounts in IPA, including all of the posix and kerberos
> attributes needed for OS login. See freeipa.org <http://freeipa.org/>
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
More information about the Fedora-directory-users
mailing list