Robert Brophy
2005-Sep-07 16:50 UTC
[Fedora-directory-users] syncing a group's uniquemember attributes
While syncing from Fedora-DS to Active Directory, it looks like the only way to sync the uniquemember attribute of a group is to have the members in the same OU as the group. Is that correct?

From the Sync Manual, page 17/21:

Group entries that are within the scope of the sync agreement will be synchronized in much the same way as user entries. In addition, the membership of groups is synchronized with the constraint that only those members that are also within the scope of the agreement are propagated. The result is that a group may contain members that are both within and without the scope of the agreement, but only the subset of members that are themselves within agreement scope are synchronized. The remaining members are left unchanged on both sides.

Thank you,
Robert
David Boreham
2005-Sep-08 02:30 UTC
Re: [Fedora-directory-users] syncing a group's uniquemember attributes
Robert Brophy wrote:
> While syncing from Fedora-DS to Active Directory, it
> looks like the only way to sync the uniquemember
> attribute of a group is to have the members in the
> same OU as the group.
>
> Is that correct?

Not quite. First, only group entries that are within the scope of the sync agreement are sync'ed. This allows the administrator to select which groups should be sync'ed on a subtree basis. However it covers all descendant entries of a given container, not just the immediate children.

Similarly, only those members of a group that are also within the scope of the agreement are sync'ed (the uniquemember attribute values corresponding to their entries are sync'ed with the member attribute values on the AD side). This is done to prevent surprises that would follow from having a member of a group that doesn't exist within the local Directory.

So, provided you can arrange for your sync'ed users and the sync'ed groups to live under a common DIT node, you should be happy. e.g. sync everything under o=mycompany, which would include ou=people, o=mycompany and ou=groups, o=mycompany.

The only thing to watch is that the sync code will _not_ automatically create container entries (e.g. ou=groups, o=mycompany in the example above). You need to create those in advance manually.

There are a number of other possible ways to control the sync process that can be imagined (e.g. filter the entries as well as restrict which container they come from; allow mapping of the DIT structure from one side to the other). If you have a use for any extra flexibility like this please speak up (or write code!) because future releases will almost certainly have some enhanced flexibility in this area.
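Added example (not part of the original thread, and not Fedora DS code): a small Python model of the scoping rule described in the reply above, useful for predicting which uniquemember values would be propagated for a given agreement subtree. The DNs are constructed sample data, the function names are hypothetical, and comparing RDN values case-insensitively is an assumption.

```python
def split_dn(dn):
    """Split a DN into normalized (attr, value) RDNs, honouring '\\,' escapes."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":                 # unescaped comma ends an RDN
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur))
    out = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        # Assumption: values compare case-insensitively, spaces after commas ignored.
        out.append((attr.strip().lower(), value.strip().lower()))
    return out


def in_scope(dn, subtree):
    """True if dn is the subtree root or any descendant, not only a direct child."""
    entry, base = split_dn(dn), split_dn(subtree)
    return len(entry) >= len(base) and entry[-len(base):] == base


def partition_members(members, subtree):
    """Return (members that would be synced, members left unchanged)."""
    synced = [m for m in members if in_scope(m, subtree)]
    untouched = [m for m in members if not in_scope(m, subtree)]
    return synced, untouched


# Constructed sample group, modelled on the o=mycompany layout in the reply.
GROUP_DN = "cn=engineers,ou=groups,o=mycompany"
MEMBERS = [
    "uid=alice,ou=people,o=mycompany",
    "uid=bob,ou=contractors,ou=people,o=mycompany",   # nested descendant
    "cn=Smith\\, John, OU=People, O=MyCompany",        # escaped comma, mixed case
    "uid=carol,ou=people,o=othercompany",              # outside the agreement
]

if __name__ == "__main__":
    for subtree in ("o=mycompany", "ou=groups,o=mycompany"):
        synced, untouched = partition_members(MEMBERS, subtree)
        print(subtree, "group in scope:", in_scope(GROUP_DN, subtree))
        print("  synced:   ", synced)
        print("  untouched:", untouched)
```

With the agreement on ou=groups,o=mycompany the group itself is in scope but none of its members are, which is the situation the original question describes.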
What problems are you having? Note that it is usually easier to get this working first without SSL, then go back and get it working with SSL.

Pedro Rodrigues wrote:
> Hi,
> I'm having some difficulty syncing Fedora Directory Server with AD.
> I want to sync the users, groups and passwords.
> I've been reading the manuals
> (www.redhat.com/docs/manuals/dir-server/ag/7.1/) and the howto at
> http://directory.fedora.redhat.com/wiki/Howto:SSL.
> I've the FDS running with SSL without any problem and the PassSync is
> already installed and configured on AD.
>
> Anyone have a howto about this?
>
> Thanks
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
But does the PassSync work without SSL?
So maybe someone can explain how to do this without SSL.
I don't know if anyone has already asked this, but I'm new around here.
Thanks.
Rich Megginson wrote:
> What problems are you having? Note that it is usually easier to get
> this working first without SSL, then go back and get it working with
> SSL.
>
> Pedro Rodrigues wrote:
>> Hi,
>> I'm having some difficulty syncing Fedora Directory Server with AD.
>> I want to sync the users, groups and passwords.
>> I've been reading the manuals
>> (www.redhat.com/docs/manuals/dir-server/ag/7.1/)
>> and the howto at
>> http://directory.fedora.redhat.com/wiki/Howto:SSL.
>> I've the FDS running with SSL without any problem and the PassSync is
>> already installed and configured on AD.
>> Anyone have a howto about this?
>> Thanks
--
Kind regards,
Pedro Rodrigues
Information Technology
Centimfe - Centro Tecnológico da Indústria dos Moldes, Ferramentas Especiais e Plásticos
Zona Industrial
Rua da Espanha, Lote 8
Apartado 313
2431-904 Marinha Grande
tel.: (+351) 244 545 600
email.: pedro.rodrigues@centimfe.com
Web.: http://www.centimfe.com