[Freeipa-users] Has one successfully synched the entirety of their AD to IPA (multiple OUs and or Subtrees)

Todd Maugh tmaugh at boingo.com
Mon Mar 17 21:52:11 UTC 2014 

Thanks Rich,

I am able to create a successful winsync agreement from the top level.

Unfortunately, when I do this. I do not see any of the accounts from the sub trees populate my ipa server.

Is it possible to have all the subtrees (ous) live under cn=users. If I make this change to AD would IPA then sync all the accounts from the subtrees? I cant believe I am the first person with this issue or need.

Thanks again in advance.


From: Rich Megginson [mailto:rmeggins at redhat.com]
Sent: Monday, March 17, 2014 2:44 PM
To: Todd Maugh; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Has one successfully synched the entirety of their AD to IPA (multiple OUs and or Subtrees)

On 03/17/2014 03:33 PM, Todd Maugh wrote:
I'm trying to sync all of my AD to IPA, I don't need to retain any of the original windows directory structure once in IPA.

I cannot find where to set ipaWinSyncUserFlatten to true (so I'm assuming it's on true by default)

Yes, it is true by default.
dn: cn=ipa-winsync,cn=plugins,cn=config



I really need to be able to sync more than just the cn=users subtree

There really isn't explicit support for this.  If it doesn't work to set your AD subtree to your root suffix (e.g. dc=domain,dc=com), then it's simply not going to work until 389 adds support for that.



And I can find no documentation or help on line.

Because there probably isn't any.




Has anyone had any success or practice with this?

See above.


Thanks

-Todd

Todd Maugh
Sr System Engineer
Boingo Wireless
tmaugh at boingo.com<mailto:tmaugh at boingo.com>





_______________________________________________

Freeipa-users mailing list

Freeipa-users at redhat.com<mailto:Freeipa-users at redhat.com>

https://www.redhat.com/mailman/listinfo/freeipa-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140317/20635a9d/attachment.htm>

More information about the Freeipa-users mailing list