[Freeipa-users] syncing users more not limited to a subtree
David Juran
djuran at redhat.com
Tue Feb 14 14:18:09 UTC 2012
Hello!
On fre, 2012-02-10 at 08:28 -0700, Rich Megginson wrote:
> On 02/10/2012 04:01 AM, David Juran wrote:
> > I wonder if it's somehow possible to sync AD-users more selectively then
> > just by sub-tree. In my case, I'm dealing with a very large organisation
> > where the users that are to be synced to IPA aren't grouped by a subtree
> > in AD but rather spread out. Can this be handled somehow?
> >
> I don't think so, but can you provide some examples?
If I understand the customers use-case correctly (and this is quite a
disclaimer) they have _most_ of their users in one sub-tree in AD but
also some users spread out all over the AD.
So I gather that I really should sync the entire AD. Or that I
_possibly_ could specify multiple sub-trees to sync, but still only on a
subtree level and not individual users to sync. Or that I really should
wait for the trust-to-AD feature to be ready... Is that correct?
--
David Juran
Sr. Consultant
Red Hat
+46-725-345801
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120214/a2fb2e2b/attachment.sig>
More information about the Freeipa-users
mailing list