[Freeipa-users] syncing users more not limited to a subtree
Rob Crittenden
rcritten at redhat.com
Tue Feb 14 22:50:06 UTC 2012
David Juran wrote:
> Hello!
>
> On fre, 2012-02-10 at 08:28 -0700, Rich Megginson wrote:
>> On 02/10/2012 04:01 AM, David Juran wrote:
>
>>> I wonder if it's somehow possible to sync AD-users more selectively then
>>> just by sub-tree. In my case, I'm dealing with a very large organisation
>>> where the users that are to be synced to IPA aren't grouped by a subtree
>>> in AD but rather spread out. Can this be handled somehow?
>>>
>> I don't think so, but can you provide some examples?
>
> If I understand the customers use-case correctly (and this is quite a
> disclaimer) they have _most_ of their users in one sub-tree in AD but
> also some users spread out all over the AD.
> So I gather that I really should sync the entire AD. Or that I
> _possibly_ could specify multiple sub-trees to sync, but still only on a
> subtree level and not individual users to sync. Or that I really should
> wait for the trust-to-AD feature to be ready... Is that correct?
How would they identify which users they would want sync'd? Is this
something we'd be able to build a filter on (not that we actually
provide a configurable filter right now)?
rob
More information about the Freeipa-users
mailing list