Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora Directory (http://www.linux-archive.org/fedora-directory/)
-   -   What to do about windows sync when AD entries move out of scope (http://www.linux-archive.org/fedora-directory/696807-what-do-about-windows-sync-when-ad-entries-move-out-scope.html)

Rich Megginson 08-22-2012 08:09 PM
What to do about windows sync when AD entries move out of scope
 
Let's say you have a windows sync agreement
AD: cn=Users,dc=example,dc=com
DS: ou=People,dc=example,dc=com

Let's say you also have another user container in AD:
cn=OtherUsers,dc=example,dc=com

Let's say you have a user in AD in cn=Users in sync with a user in DS in
ou=People.


What should happen if you move the user in AD from cn=Users to
cn=OtherUsers? Should DS "disconnect" the entry (i.e. remote the ntuser
attributes) so the entry is no longer in sync? Should winsync do
something else?


Conversely, what should happen if a user is moved from cn=OtherUsers to
cn=Users? Should DS treat it as adding a new user or "connect" an
existing user if the userids match?


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users


All times are GMT. The time now is 01:19 AM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.