[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-directory-users
Subject: [389-users] "onewaysync" attr.
From: Juan Carlos Camargo Carrillo <juancar () eprinsa ! es>
Date: 2011-01-28 12:43:08
Message-ID: 1296218588.2660.43.camel () pc15169ub
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi everyone,
I'm working with the new attribute "onewaysync" to manage replication
between our AD domain and 389ds. To start with I've created a windows
repl. agreement, then set that attribute the value "fromWindows" .So far
it seems to work. My question is, which method you find better, in order
to protect the Active Directory objects from potential modifications
made by 389?
a) Use a proxy user for the repl. agreement with tailored permissions?
If so, which permissions are you using?
b) Leave it as such, without the "onewaysync" attr. Besides, it is a
consumer replica, so by design it wasnt meant to send updates.
Which other choices you have in mind or have already implemented? And
finally, is there a way to select a subset of windows attributes to be
sync'd to 389?
Regards!!
[Attachment #5 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.30.3">
</HEAD>
<BODY>
Hi everyone,<BR>
<BR>
I'm working with the new attribute "onewaysync" to manage replication \
between our AD domain and 389ds. To start with I've created a windows repl. \
agreement, then set that attribute the value "fromWindows" .So far it seems \
to work. My question is, which method you find better, in order to protect the Active \
Directory objects from potential modifications made by 389?<BR> <BR>
a) Use a proxy user for the repl. agreement with tailored permissions? If so, which \
permissions are you using?<BR> b) Leave it as such, without the \
"onewaysync" attr. Besides, it is a consumer replica, so by design it wasnt \
meant to send updates. <BR> <BR>
Which other choices you have in mind or have already implemented? And finally, \
is there a way to select a subset of windows attributes to be sync'd to \
389?<BR> Regards!!<BR>
<BR>
</BODY>
</HTML>
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic