Jonas Courteau
2008-Oct-20 22:31 UTC
[Fedora-directory-users] Confusion over what can/can''t be synced with Windows Sync
Hello all: I''ve been fiddling around off and on getting a fedora DS box sync''d with our AD server. The problem is, the way the users are arranged on the AD server, I''m not sure how to sync everything at once. The layout (appropriately anonymized) on the AD server: - dc=example,dc=com |- ou=Groups | |- a bunch of groups | |- ou=Unit1 | |- a bunch of users belonging to one business unit | |- ou=Unit2 | |- more users, different business unit | |- ou=Users |- system users On the DS side of things, I''ve manually created the appropriate OUs, but the question is - how do I configure the sync agreement to sync all the OUs at once? It only seems to work if I configure the sync agreement to a subtree including only one of the OUs. I''m trying to do this without having to convince the AD administrator to change his odd layout of users - any ideas? Thanks! Jonas Courteau
Jonas Courteau
2008-Oct-28 17:59 UTC
[Fedora-directory-users] Re: Confusion over what can/can''t be synced with Windows Sync
Hello: I was hoping someone, anyone, would have some ideas on this. Is it just expected that you''d only want to sync something like ou=Users,dc=example,dc=com? Thanks! Jonas Courteau On Mon, 2008-10-20 at 15:31 -0700, Jonas Courteau wrote:> Hello all: > > I''ve been fiddling around off and on getting a fedora DS box sync''d with > our AD server. The problem is, the way the users are arranged on the AD > server, I''m not sure how to sync everything at once. > > The layout (appropriately anonymized) on the AD server: > - dc=example,dc=com > |- ou=Groups > | |- a bunch of groups > | > |- ou=Unit1 > | |- a bunch of users belonging to one business unit > | > |- ou=Unit2 > | |- more users, different business unit > | > |- ou=Users > |- system users > > On the DS side of things, I''ve manually created the appropriate OUs, but > the question is - how do I configure the sync agreement to sync all the > OUs at once? It only seems to work if I configure the sync agreement to > a subtree including only one of the OUs. > > I''m trying to do this without having to convince the AD administrator to > change his odd layout of users - any ideas? > > Thanks! > > Jonas Courteau
Erling Ringen Elvsrud
2008-Oct-31 11:38 UTC
Re: [Fedora-directory-users] Re: Confusion over what can/can''t be synced with Windows Sync
On 10/28/08, Jonas Courteau <jonas.courteau@bravenet.com> wrote:> Hello: > > I was hoping someone, anyone, would have some ideas on this. Is it just > expected that you''d only want to sync something like > ou=Users,dc=example,dc=com?According to the Red Hat Directory Server 8.0 Administrator''s guide: "A single Active Directory subtree is synchronized with a single Directory Server Subtree, and vice versa. Unlike replication, which connects databases, synchronization is between suffixes, parts of the directory tree structure." So you probably have to to set up one synchronization agreement for each ou you want to synchronize. Erling