I'm working with the new attribute "onewaysync" to manage replication between our AD domain and 389ds. To start with, I've created a Windows repl. agreement, then set that attribute to the value "fromWindows". So far it seems to work. My question is, which method do you find better, in order to protect the Active Directory objects from potential modifications made by 389?
a) Use a proxy user for the repl. agreement with tailored permissions? If so, which permissions are you using?
b) Leave it as such, without the "onewaysync" attr. Besides, it is a consumer replica, so by design it wasn't meant to send updates.
Which other choices do you have in mind or have already implemented? And finally, is there a way to select a subset of Windows attributes to be sync'd to 389?
389 users mailing list