<html dir="ltr"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <style>  </style><style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style> </head> <body ocsi="0" fpstyle="1" lang="EN-US" link="blue" vlink="purple"> <div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">Hi,<br> <br> No, I dont think so. Ive asked this....you have to clean up AD / the contents of the container you are syncing.<br> <br> We have 8000+ items at least 1/2 of which are not required, eg things like templates so when we sync we bring all of it across and it makes IPA a huge mess. I'd like a rule to at least block something's eg anything called template* which would help a lot.<br> <div><br> <div style="font-family:Tahoma; font-size:13px"> <p>regards</p> <p>Steven Jones</p> <p>Technical Specialist - Linux RHCE</p> <p>Victoria University, Wellington, NZ</p> <p>0064 4 463 6272<br> </p> </div> </div> <div style="font-family: Times New Roman; color: #000000; font-size: 16px"> <hr tabindex="-1"> <div style="direction: ltr;" id="divRpF349316"><font color="#000000" face="Tahoma" size="2"><b>From:</b> freeipa-users-bounces@redhat.com [freeipa-users-bounces@redhat.com] on behalf of Tovey, Mark [MTovey@go2uti.com]<br> <b>Sent:</b> Wednesday, 17 July 2013 7:48 a.m.<br> <b>To:</b> Freeipa-users@redhat.com<br> <b>Subject:</b> [Freeipa-users] Limit password synchronization from Active Directory<br> </font><br> </div> <div></div> <div> <div class="WordSection1"> <p class="MsoNormal"> </p> <p class="MsoNormal"> Is there a way to limit what user accounts are synchronized from Active Directory? There are around 15,000 entries in our production AD system, but probably only about 300 of those need to have an account in the IPA system. Can we set an attribute in the user information in AD that would flag that this is a candidate for replication, and lack of that attribute would cause an account to be skipped?</p> <p class="MsoNormal"> Thanks,</p> <p class="MsoNormal"> -Mark</p> <p class="MsoNormal" style="text-autospace:none"><b><span style="font-size:8.0pt; font-family:"Arial","sans-serif"; color:gray" lang="EN-GB"> </span></b></p> <p class="MsoNormal" style="text-autospace:none"><b><span style="font-size:8.0pt; font-family:"Arial","sans-serif"; color:gray" lang="EN-GB">________________________________________________________________</span></b></p> <p class="MsoNormal" style="text-autospace:none"><b><span style="font-size:8.0pt; font-family:"Arial","sans-serif"; color:gray" lang="EN-GB">Mark Tovey - UNIX Engineer | Service Strategy & Design</span></b></p> <p class="MsoNormal" style="text-autospace:none"><span style="font-size:7.5pt; font-family:"Arial","sans-serif"; color:blue" lang="EN-GB"><a href="http://www.go2uti.com/" target="_blank"><span style="color:blue">UTi</span></a> </span><span style="font-size:7.5pt; font-family:"Arial","sans-serif"; color:gray" lang="EN-GB">| 400 SW Sixth Ave, Suite 1100 | Portland | Oregon | 97204 | USA</span></p> <p class="MsoNormal" style="text-autospace:none"><span style="font-size:7.5pt; font-family:"Arial","sans-serif"; color:gray" lang="EN-GB"><a href="mailto:MTovey@go2uti.com" target="_blank"><span style="color:blue">MTovey@go2uti.com</span></a> | O / C +1 503 953-1389 | Skype: mark.tovey2</span><span lang="EN"></span></p> <p class="MsoNormal"> </p> </div> </div> </div> </div> </body> </html>