[389-users] ADS <==> FedoraDS <==> Linux/Unix Clients?

Kenneth Holter kenneho.ndu at gmail.com
Mon Jan 4 09:07:48 UTC 2010


Hi.


We're currently working on a similar setup.

Regarding your first question: Using the Windows Sync plugin on the FDS you
sync specific users from AD over to FDS. Just move your sysadmin users to an
LDAP organizational unit (OU), and sync that over to FDS. Next, you'll need to
add POSIX attributes (user ID, group ID, home directory, etc.) to these users
on the FDS side. You can create simple scripts for doing this. In our setup,
we're going to use groups defined on the AD side as the basis for NIS netgroups
on Linux, so that we can control access to and sudo privileges on Linux
servers based on these groups. This adds to the complexity, but lets us
manage users and access from the AD side.

When you delete a user on the AD side, it will get deleted on the FDS side
too.


Regards,
Kenneth Holter


On Tue, Dec 29, 2009 at 5:41 PM, Ajeet S Raina <ajeetraina at gmail.com> wrote:

>
> I have a certain query regarding the following structure:
>  Code:
>
>     Active Directory Server
>     ||
>     ||
>     Fedora Directory Server <=> Client(Linux | Fedora | Ubuntu | Solaris | HP)
>
> Let me explain what I want:
>
> 1. There is a company Active Directory Server under domain intinfra.com. As
> of now there are limited Windows Desktop Machines under that domain. I have
> few Linux / Unix Machines which I want to authenticate through ADS (which are
> presently not under ADS). Why? Because every time I need to delete the users
> whenever they leave the project. That's cumbersome.
>
> So what I want is to set up Fedora DS (wonder if we can do that without Fedora
> DS). Now I can ads join to Fedora DS (I have administrative privileges for
> ADS). What I really want to know is:
>
> If I join Fedora DS to ADS then all employees can log in to the Linux Machine
> through their login credentials. I don't want that to happen. We have 3000
> employees in intinfra Domain but we are only 30 Admins. I only want those
> 30-40 admins to login restrictly. Is it possible to restrict at FedoraDS
> level?
>
> 2. Say, I joined ADS and Fedora DS and say after 30 days one of the System Admins
> left the company. So his name will be removed from ADS. Is it possible that
> ADS and Fedora DS are synchronized in such a way that a user whose name gets
> deleted in ADS gets deleted too from Fedora? Does Fedora DS have the
> capability to synchronize to ADS every time?
>
> Please suggest.
>
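
The reply above mentions adding POSIX attributes to the synced users with simple scripts. One way such a script could look, as an added example that is not part of the original post: it builds LDIF modify records for entries that lack a uidNumber, never reuses an ID already taken, and skips login names that would be unsafe in a home directory path. The DNs, ID range, group ID and shell are assumptions.

```python
import re

# Constructed sample: entries as they might look in FDS after the sync
# (DNs and names are hypothetical).
SYNCED = [
    {"dn": "uid=alice,ou=sysadmins,dc=example,dc=com", "uid": "alice"},
    {"dn": "uid=bob,ou=sysadmins,dc=example,dc=com", "uid": "bob", "uidNumber": "10001"},
    {"dn": "uid=carol,ou=sysadmins,dc=example,dc=com", "uid": "carol"},
    {"dn": "uid=../root,ou=sysadmins,dc=example,dc=com", "uid": "../root"},
]
UID_MIN = 10000    # assumption: keeps clear of local and system account IDs
ADMIN_GID = 10000  # assumption: one shared primary group for the admins
SAFE_UID = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

def posix_ldif(entries, uid_min=UID_MIN, gid=ADMIN_GID):
    """Return (ldif_text, skipped_dns) for entries that still lack POSIX attributes."""
    used = {int(e["uidNumber"]) for e in entries if "uidNumber" in e}
    next_id, records, skipped = uid_min, [], []
    for e in entries:
        if "uidNumber" in e:
            continue  # already POSIX-enabled; never renumber an existing account
        if not SAFE_UID.fullmatch(e["uid"]):
            skipped.append(e["dn"])  # name would be unsafe inside homeDirectory
            continue
        while next_id in used:       # a reused uidNumber means shared file ownership
            next_id += 1
        used.add(next_id)
        mods = [
            ("objectClass", "posixAccount"),
            ("uidNumber", next_id),
            ("gidNumber", gid),
            ("homeDirectory", f"/home/{e['uid']}"),
            ("loginShell", "/bin/bash"),
        ]
        body = "\n-\n".join(f"add: {a}\n{a}: {v}" for a, v in mods)
        records.append(f"dn: {e['dn']}\nchangetype: modify\n{body}\n")
    return "\n".join(records), skipped

if __name__ == "__main__":
    ldif, skipped = posix_ldif(SYNCED)
    print(ldif)
    for dn in skipped:
        print(f"# skipped (unsafe uid): {dn}")
```

The resulting LDIF can be reviewed and then applied to the directory with ldapmodify.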