Scott Boggs wrote:
I am interested in knowing if anyone is using the PassSync functionality in only one direction, making the Fedora-DS a consumer only to the Active Directory server. I am only interested in populating the Fedora-DS with the user account information and passwords; there is no need for me to go in the other direction. With that in mind, would I still create a 'Single Master' replication configuration or is there an alternate method since the Fedora-DS is really only the consumer and not a supplier? My guess is that a 'Single Master' configuration will still have to be created since the winsync code builds off the replication plug-in. If it turns out that the Fedora-DS must be a supplier, is there any method to stop the Fedora-DS from expecting the Active Directory system to have correctly sync'd databases?
If you _only_ need passwords propagated from AD to FDS, then you can simply install only the PassSync service, and not configure any WinSync replication agreement.
If you need that plus inbound sync updates from AD to FDS (e.g. new users, non-password attribute changes), then you can achieve the desired functionality only with a code change. It'd be a very simple code change I think though : just find the place where changelog records are read and processed for sending to AD. Comment out that code. I can't think of a reason why disabling outbound updates would break any of the inbound functionality, but I've only thought about it for a few minutes...