[Freeipa-users] syncing users more not limited to a subtree

Rich Megginson rmeggins at redhat.com
Fri Feb 10 19:25:32 UTC 2012


On 02/10/2012 12:18 PM, Dmitri Pal wrote:
> On 02/10/2012 01:46 PM, Rich Megginson wrote:
>> On 02/10/2012 11:41 AM, Dmitri Pal wrote:
>>> On 02/10/2012 10:28 AM, Rich Megginson wrote:
>>>> On 02/10/2012 04:01 AM, David Juran wrote:
>>>>> Hello
>>>>>
>>>>> I wonder if it's somehow possible to sync AD-users more selectively
>>>>> than just by sub-tree. In my case, I'm dealing with a very large
>>>>> organisation where the users that are to be synced to IPA aren't
>>>>> grouped by a subtree in AD but rather spread out. Can this be
>>>>> handled somehow?
>>>>>
>>>> I don't think so, but can you provide some examples?
>>>>
>>> Rich, can one create two different winsync agreements that use different
>>> sub trees on the AD side?
>> Yes, if they also use two different sub trees on the IPA side.
>> Otherwise, you have two different winsync agreements covering the same
>> ipa subtree - I have no idea what would happen.
> If the users are different then there should be no collision. Are you
> concerned about two winsyncs stepping on each other in terms of keeping
> the view (persistent search or something like) at IPA data consistent?
Yes.
>>> Is there anything that would prevent it from
>>> working? Maybe it should be done from 2 IPA replicas?
>> You might still have problems with that scenario, just delayed.  That
>> is, the ipa subtree is the same on both replicas, so you still have
>> the same problem, just delayed by the speed of replication.
>>
>> The only way to know for sure would be to get some concrete examples,
>> then try it out.
>



