On 07/05/2012 03:57 PM, Rich Megginson wrote:
On 07/05/2012 03:52 PM, Orion Poplawski wrote:
On 07/03/2012 10:49 AM, Rich Megginson wrote:
On 07/03/2012 10:45 AM, Orion Poplawski wrote:
We are looking to sync our groups between our ldap server and an AD server.
Our LDAP server also serves a samba domain for one of our offices. As a
result we have Domain Admins and Domain Computers groups for the samba
domain that we don't want to conflict with the AD groups of the same names.

So it seems like we should move the samba domain groups into a different
part of the tree.  But we would still want to have a common shared group
area that is visible by all.  Any suggestions as to how to achieve this?

Unless AD stores these groups in a different place in the tree, not in the
scope of other groups, I don't think it is possible with 389. Please file a
ticket.


Is there some way to make a specific subtree (e.g.
ou=cora,ou=Groups,dc=nwra,dc=com) consist of entries in that sub-tree
plus entries (but not sub-trees) in the parent node (ou=Groups,dc=nwra,dc=com)?

No, not that I know of.  I suppose you could try doing an ldapmodrdn operation
to move those groups in the 389 side from ou=groups to ou=cora - but I don't
know what will happen if winsync tries to sync those changes back to AD.


That way the different domains could point to their specific sub-tree for
private entries but still share some.  I guess the common directory doesn't
need to be the parent, which might make it easier.

Hmm - if you move them (as described above), you can't share them.

I'm trying to implement it using aliases but that doesn't seem to be working. I created:

dn: aliasedobjectname=ou\3DGroups\2Cdc\3Dnwra\2Cdc\3Dcom,ou=Groups,dc=cora,dc=
 nwra,dc=com
aliasedObjectName: ou=Groups,dc=nwra,dc=com
objectClass: top
objectClass: alias

to try to link in the common Groups under a private subtree, but ldapsearch just returns the alias object instead of traversing to ou=Groups,dc=nwra,dc=com. This doesn't seem to be correct. Does 389-server support aliases?

--
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder Office                  FAX: 303-415-9702
3380 Mitchell Lane                       or...@nwra.com
Boulder, CO 80301                   http://www.nwra.com


--
389 users mailing list
389-us...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
