[Freeipa-users] RHEL6 IPA and Active Directory synchronisation and Solaris RBAC

Steven Jones Steven.Jones at vuw.ac.nz
Wed Feb 13 19:50:50 UTC 2013 

Hi,

You can specify a --winsubtree, provided all the users you want are in that, I think that will work.

For filters, Ive suggested that, we have so much garbage in our AD that its cluttering IPA badly.  eg we have hundred templates, so I'd like to block those from being transferred.

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Dag Wieers [dag at wieers.com]
Sent: Thursday, 14 February 2013 3:58 a.m.
To: freeipa-users at redhat.com
Subject: [Freeipa-users] RHEL6 IPA and Active Directory synchronisation and     Solaris RBAC

Hi,

We are investigating whether IPA is an acceptable solution for our
environment. One of the aspects that is not clear (from reading the
documentation and testing it without AD) is whether the synchronization
with AD can be limited to a subset.


Since we would like to only synchronize certain user-accounts (conforming
to a specific format) from AD unidirectionally, and we also want to manage
functional/technical accounts on IPA, we need to make sure that we:

  - can filter the stuff we pull from AD
  - can avoid the synchronisation to remove other accounts managed in IPA

Can someone confirm that this is possible ? Is there any indepth
information on how this AD sycnhronization works (preferably about RHEL6
IPA) ?


Also since we also require compatibility with Solaris, and roles (RBAC) is
currently used on Solaris, does IPA support RBAC on Solaris ? (We noticed
that RBAC mentioned in the IPA web interface only relates to IPA
management).


Thanks in advance,
--
-- dag wieers, dag at wieers.com, http://dag.wieers.com/
-- dagit linux solutions, info at dagit.net, http://dagit.net/

[Any errors in spelling, tact or fact are transmission errors]

_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

More information about the Freeipa-users mailing list