FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 10-22-2010, 03:44 PM
"Glenn"
 
Default Synchronizing Account Inactivation with Account Disabling

We are still using Fedora Directory Server 1.0.4 and synchronizing with
Active Directory. Our procedure for removing accounts includes a waiting
period when the AD account is disabled. Disabling the AD account does not
inactivate the corresponding FD account. The folks that do account
maintenance do not have access to the FD java console, so rather than
inactivating the FD account, they delete it using DSGW. Unfortunately, this
also deletes the disabled AD account.

Is there a way to make sync inactivate the FD account when the AD account is
disabled?

As an alternative, can we make account activation/inactivation available to
our account people via DSGW? Some particulars would be appreciated.

I know that setting the "ntuserdeleteaccount" attribute to "false" will
prevent the AD account from being removed when the FD account is removed.
But new accounts created in AD are duplicated by sync in FD with the
attribute set to "true". If anyone could suggest a way to make this default
to "false," that would be an improvement.

Thanks. -G.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 09:07 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org