[Freeipa-users] Extra attributes for sync agreement AD to FreeIPA
rcritten at redhat.com
Fri Oct 31 15:49:03 UTC 2014
Edouard Guigné wrote:
> Hello Rob,
> Thank you for your answer.
> Do you mean it should already work ?
> Or I have to do this on the FreeIPA server :
> |rm /etc/dirsrv/slapd-INSTNAME/schema/10rfc2307.ldif
> cp /usr/share/dirsrv/data/10rfc2307bis.ldif /etc/dirsrv/slapd-INSTNAME/schema
Sorry, I guess I was a little terse.
The nisDomain is already defined for IPA so you can skip that bit.
The Posix Winsync Plugin is disabled by default. You'll need to enable
it and configure it to match your environment. See the wiki page for
You can either enable and configure it online by using ldapmodify and
binding as the Directory Manager or by shutting down 389-ds and
modifying dse.ldif, then restarting it (or use a tool like Apache
> Best Regards, have a nice we.
> Le 31/10/2014 16:04, Rob Crittenden a écrit :
>> Edouard Guigné wrote:
>>> Hello freeipa Users,
>>> I am working on a sync agreement between AD server -> FreeIPA server
>>> (fedora 20)
>>> I follow the documentation, my sync works beetwen AD -> FreeIPA with
>>> "ipa-replica-manage connect --winsync ..."
>>> However, I would like to extract attributes from my AD like :
>>> - uidNumber
>>> - gidNumber
>>> - unixHomeDirectory
>>> - loginShell
>>> - msSFU30NisDomain
>>> My AD server is 2008 R2 with with Subsystem for UNIX-based Applications.
>>> I would like rerieve these attributes in my freeipa server after sync.
>>> I had a look on google, and find informations like this :
>>> But I did not succeed with it.
>>> May someone help me ?
>> It should already work:
More information about the Freeipa-users