[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fedora-directory-users
Subject:    Re: [Fedora-directory-users] password sync with 2 AD domains
From:       David Boreham <david_list () boreham ! org>
Date:       2006-10-29 16:05:53
Message-ID: 4544D161.8080208 () boreham ! org
[Download RAW message or body]


> Is there any hope that a virtual view would be enough ? I have indeed
> a single ou for all the users in FDS.

Not without code changes, I don't think so. The code uses certain
criteria to determine if a given entry 'belongs' in the target AD.
It can support multiple AD domains (create multiple sync agreements).
However the criteria are : correct object class, and correct subtree.
Therefore your entries would match for both agreements and hence
get sync'ed to both AD domains, which is not what you want.

The 'fix' would be to store the domain name in the entry
(possibly this is already done, I can't remember), and then
add that to the criteria for syncing.


[prev in list] [next in list] [prev in thread] [next in thread]