[Freeipa-users] Question on AD to freeipa sync
Rich Megginson
rmeggins at redhat.com
Thu Sep 29 20:49:04 UTC 2011
On 09/29/2011 02:35 PM, Steven Jones wrote:
> Hi,
>
> In the documentation it says that new accounts in AD are syncd over to freeIPA, so IPA sets the UID as it "arrives"?
Yes. It uses the DNA plugin to assign an auto-incremented uidNumber value.
> What happens if the user is an existing one and has a UID they want to retain, does that transfer over and get used?
uidNumber from AD, or is this a case where the user already exists in
both AD and IPA?
> Also how do you set permissions
What permissions? ACIs?
> and groups?
Posix groups?
> does the new user just go into a default group
In the ipa-winsync plugin config you tell it how to find the entry that
has the default group gidNumber to use. This should be documented
somewhere.
> and then you login to freeIPA and set them up? or can you put the GIDs into AD and they get transferred and the user put into the "right" groups" automagically?
It cannot copy the gidNumber from AD.
> Looks like I can set this sort of thing "how I want" in the sync agreement?
This sort of thing should be documented in the ipa winsync documentation.
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list