[Freeipa-users] ntGroup MUST ntUserDomainId?

Martin Kosek mkosek at redhat.com
Wed Mar 4 08:00:16 UTC 2015


On 03/04/2015 04:57 AM, Hugh wrote:
> All,
> 
> We're running ipa-server-3.0.0-42/389-ds-base-1.2.11.15-48 on CentOS 6.5
> and synching to AD. We're able to synch users, but can't synch groups.
> When I was adding in the ntGroup objectclass, it appears that that
> requires ntUserDomainId to be set. Shouldn't that be ntGroupDomainId? I
> tried to add ntGroupDomainId, but that attribute doesn't seem to be
> allowed by any objectclasses. I did a grep on the /etc/dirsrv directory
> and can see ntGroupDomainId in the attribute list, but not in any of the
> objectclasses. What attributes/objectclasses are required for synching
> to AD?

Hello Hugh,

Before you dive further into FreeIPA winsync and groups, please note that
FreeIPA does not support group sync from/to AD and there are no plans for
adding that capability. We are focusing on AD Trusts instead, as *the* way for
cooperation with AD. This is a related upstream ticket with a similar request,
just in a different direction:

https://fedorahosted.org/freeipa/ticket/3946

Martin



