Sören Malchow
2008-May-09 14:07 UTC
[Fedora-directory-users] FDS - AD: sync deactivated status
Dear all, i have a FDS with synchronization to an AD up and running, everything including password sync is fine, the only attribute that is needed and not synching is whether the user is deactivated or not. I can deactive users seperately in FDS or AD but it does not sync, after alot of research i could not find a solution for that, can someone please point me the way ? Regards Soeren
Rich Megginson
2008-May-09 15:33 UTC
Re: [Fedora-directory-users] FDS - AD: sync deactivated status
Sören Malchow wrote:> > Dear all, > > i have a FDS with synchronization to an AD up and running, everything > including password sync is fine, the only attribute that is needed and > not synching is whether the user is deactivated or not. > > I can deactive users seperately in FDS or AD but it does not sync, > after alot of research i could not find a solution for that, can > someone please point me the way ?That is not currently supported. What is the AD attribute that tells whether a user is active or not?> > > Regards > Soeren > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Sören Malchow
2008-May-11 20:37 UTC
Re: [Fedora-directory-users] FDS - AD: sync deactivated status
Hi Rich, first, thanks for the answer. The attribute in the active directory that controls whether the user is active or not is "userAccountControl" the value for active accounts is "512" and for deactivated accounts it is "514" ( both decimal ). There are several more possible values, those can be found here http://support.microsoft.com/kb/305144 I think there are some more interesting values for synchronization, e.g. - PASSWORD_EXPIRED - LOCKOUT if there is a way to synch this values somehow it would be great. Regards Soeren Rich Megginson <rmeggins@redhat.com> Sent by: fedora-directory-users-bounces@redhat.com 09.05.2008 17:34 Please respond to "General discussion list for the Fedora Directory server project." <fedora-directory-users@redhat.com> To "General discussion list for the Fedora Directory server project." <fedora-directory-users@redhat.com> cc Subject Re: [Fedora-directory-users] FDS - AD: sync deactivated status Sören Malchow wrote:> > Dear all, > > i have a FDS with synchronization to an AD up and running, everything > including password sync is fine, the only attribute that is needed and > not synching is whether the user is deactivated or not. > > I can deactive users seperately in FDS or AD but it does not sync, > after alot of research i could not find a solution for that, can > someone please point me the way ?That is not currently supported. What is the AD attribute that tells whether a user is active or not?> > > Regards > Soeren > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Rich Megginson
2008-May-12 15:41 UTC
Re: [Fedora-directory-users] FDS - AD: sync deactivated status
Sören Malchow wrote:> > Hi Rich, > > first, thanks for the answer. > > The attribute in the active directory that controls whether the user > is active or not is "userAccountControl" the value for active accounts > is "512" and for deactivated accounts it is "514" ( both decimal ). > > There are several more possible values, those can be found here > > http://support.microsoft.com/kb/305144 > > I think there are some more interesting values for synchronization, e.g. > > - PASSWORD_EXPIRED > - LOCKOUT > > if there is a way to synch this values somehow it would be great.There is not a way right now. However, please file a bug at bugzilla.redhat.com against Fedora Directory Server to request this to be supported.> > Regards > Soeren > > > > > > *Rich Megginson <rmeggins@redhat.com>* > Sent by: fedora-directory-users-bounces@redhat.com > > 09.05.2008 17:34 > Please respond to > "General discussion list for the Fedora Directory server project." > <fedora-directory-users@redhat.com> > > > > To > "General discussion list for the Fedora Directory server project." > <fedora-directory-users@redhat.com> > cc > > Subject > Re: [Fedora-directory-users] FDS - AD: sync deactivated status > > > > > > > > > > Sören Malchow wrote: > > > > Dear all, > > > > i have a FDS with synchronization to an AD up and running, everything > > including password sync is fine, the only attribute that is needed and > > not synching is whether the user is deactivated or not. > > > > I can deactive users seperately in FDS or AD but it does not sync, > > after alot of research i could not find a solution for that, can > > someone please point me the way ? > That is not currently supported. What is the AD attribute that tells > whether a user is active or not? > > > > > > Regards > > Soeren > > ------------------------------------------------------------------------ > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users@redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Paolo Barbato
2008-May-13 06:50 UTC
Re: [Fedora-directory-users] FDS - AD: sync deactivated status
I also "sponsor" to add these values in sync. Actually I simply plan to give the same expiration date both to AD and FD . Regards, Paolo. On 12/mag/08, at 17:41, Rich Megginson wrote:> Sören Malchow wrote: >> >> Hi Rich, >> >> first, thanks for the answer. >> >> The attribute in the active directory that controls whether the >> user is active or not is "userAccountControl" the value for active >> accounts is "512" and for deactivated accounts it is "514" ( both >> decimal ). >> >> There are several more possible values, those can be found here >> >> http://support.microsoft.com/kb/305144 >> >> I think there are some more interesting values for synchronization, >> e.g. >> >> - PASSWORD_EXPIRED >> - LOCKOUT >> >> if there is a way to synch this values somehow it would be great. > There is not a way right now. However, please file a bug at > bugzilla.redhat.com against Fedora Directory Server to request this > to be supported. >> >> Regards >> Soeren >> >> >> >> >> >> *Rich Megginson <rmeggins@redhat.com>* >> Sent by: fedora-directory-users-bounces@redhat.com >> >> 09.05.2008 17:34 >> Please respond to >> "General discussion list for the Fedora Directory server >> project." <fedora-directory-users@redhat.com> >> >> >> >> To >> "General discussion list for the Fedora Directory server project." >> <fedora-directory-users@redhat.com> >> cc >> >> Subject >> Re: [Fedora-directory-users] FDS - AD: sync deactivated status >> >> >> >> >> >> >> >> >> >> Sören Malchow wrote: >> > >> > Dear all, >> > >> > i have a FDS with synchronization to an AD up and running, >> everything >> > including password sync is fine, the only attribute that is >> needed and >> > not synching is whether the user is deactivated or not. >> > >> > I can deactive users seperately in FDS or AD but it does not sync, >> > after alot of research i could not find a solution for that, can >> > someone please point me the way ? >> That is not currently supported. What is the AD attribute that tells >> whether a user is active or not? >> > >> > >> > Regards >> > Soeren >> > >> ------------------------------------------------------------------------ >> > >> > -- >> > Fedora-directory-users mailing list >> > Fedora-directory-users@redhat.com >> > https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users@redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users@redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users------------------------------------------------------------------------------------------------ Paolo Barbato email: mailto:paolo.barbato@igi.cnr.it Network Administrator phone: (39-049)-829-5097 (39-049)-829-5000 Corso Stati Uniti,4 www: http://www.igi.cnr.it 35127 Camin-Padova PGP: http://www.igi.cnr.it/wwwpgp/rfx_paolo_barbato.pgp ITALY JabberID: rfx_paolo_barbato@messenger.efda.org ------------------------------------------------------------------------------------------------
Esteban Torres Rodriguez
2008-May-13 06:52 UTC
Re: [Fedora-directory-users] FDS - AD: sync deactivated status
Hello everyone: Sören Malchow, has managed to synchronize all the attributes of AD? I took time trying to synchronize all the attributes of AD to SDS but I have not succeeded. That has managed to synchronize attributes? As you''ve done? Greetings. Esteban Torres Rodríguez ÁREA DE SOPORTE TÉCNICO - Administración de Servidores Subdirección de Sistemas Informáticos Empresa Pública Desarrollo Agrario y Pesquero, email: etorres@dap.es>>> Sören Malchow <Soeren.Malchow@interone.de> 9/5/2008 16:07 >>>Dear all, i have a FDS with synchronization to an AD up and running, everything including password sync is fine, the only attribute that is needed and not synching is whether the user is deactivated or not. I can deactive users seperately in FDS or AD but it does not sync, after alot of research i could not find a solution for that, can someone please point me the way ? Regards Soeren
Sören Malchow
2008-May-13 09:30 UTC
Re: [Fedora-directory-users] FDS - AD: sync deactivated status
Dear Esteban, no, we have not managed to snyc the attributes between Active Directory and FDS, but as Rich said, i filed a bug in the bugzilla, and hopefully this issue is resolved in the next version Regards Soeren "Esteban Torres Rodriguez" <etorres@dap.es> Sent by: fedora-directory-users-bounces@redhat.com 13.05.2008 08:53 Please respond to "General discussion list for the Fedora Directory server project." <fedora-directory-users@redhat.com> To <Fedora-directory-users@redhat.com> cc Subject Re: [Fedora-directory-users] FDS - AD: sync deactivated status Hello everyone: Sören Malchow, has managed to synchronize all the attributes of AD? I took time trying to synchronize all the attributes of AD to SDS but I have not succeeded. That has managed to synchronize attributes? As you''ve done? Greetings. Esteban Torres Rodríguez ÁREA DE SOPORTE TÉCNICO - Administración de Servidores Subdirección de Sistemas Informáticos Empresa Pública Desarrollo Agrario y Pesquero, email: etorres@dap.es>>> Sören Malchow <Soeren.Malchow@interone.de> 9/5/2008 16:07 >>>Dear all, i have a FDS with synchronization to an AD up and running, everything including password sync is fine, the only attribute that is needed and not synching is whether the user is deactivated or not. I can deactive users seperately in FDS or AD but it does not sync, after alot of research i could not find a solution for that, can someone please point me the way ? Regards Soeren -- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users