[Freeipa-users] Questions about AD Synchronization

Dmitri Pal dpal at redhat.com
Sun Feb 12 21:45:15 UTC 2012


On 02/12/2012 03:49 PM, Marco Pizzoli wrote:
> Hi guys,
> a couple of questions about AD synchronization.
>
> I read in the guide these points:
> - A synchronization operation runs every five minutes.  --> I read
> that it can be triggered on demand, but is it possible to change the
> value of this frequency?

I think it is configurable. You might want to check the port389 wiki for
more details.

> - Synchronization can only be configured with one Active Directory
> domain. Multiple domains are not supported.  --> Will they be in a
> future version?

No plans as we are working on trusts and trusts would make
synchronization not needed.

> - While modifications are bi-directional (going both from Active
> Directory to FreeIPA and from FreeIPA to Active Directory), new
> accounts are only uni-directional. New accounts created in Active
> Directory are synchronized over to FreeIPA. However, user accounts
> created in FreeIPA must also be added in Active Directory before they
> will be synchronized.
>      ---> What is the origin of this restriction? I mean, why can a
> user not be created in AD by FreeIPA?
>

Time and materials mostly - the support cost is the origin of this
restriction. It potentially could be done and DS does this but the
use case for IPA is different and dominated by AD so it does not make
sense to build a solution when in 95 percent the sync would go from AD
to IPA as people already have users there.

>
> And another question, not related to the synchronization:
> - In the FreeIPA 389-ds I see used the "DUA Config Profile"
> objectClass. To learn what it is I already read RFC#4876. Now I would
> like to have a look at a document/draft/etc. about its use within
> FreeIPA. Is it available anywhere? If not, could someone give some
> explanation?
>

There is no use but we contemplated using it some time in the future. So far
we have not seen any real demand for this functionality and it is
a pretty complex feature to build.

> Thanks a lot as usual!
> Marco


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

