Hi,
Using WinSync, is there any way to synchronize Active Directory custom extension attributes. Here is what I read from the Red Hat documentation:
Only a subset of Directory Server and Active Directory attributes are synchronized. These attributes are hard-coded and are defined regardless of which way the entry is being synchronized. Any other attributes present in the entry, either in Directory Server or in Active Directory, remain unaffected by synchronization.
Is this meaning that we can't synchronize Active Directory custom extension attributes ? Is there any workaround to make this work ?
Thanks in advance for your support.
On 01/25/2016 02:59 AM, Mor Ndoye wrote:
Hi,
Using WinSync, is there any way to synchronize Active Directory custom extension attributes. Here is what I read from the Red Hat documentation:
Only a subset of Directory Server and Active Directory attributes are synchronized. These attributes are hard-coded and are defined regardless of which way the entry is being synchronized. Any other attributes present in the entry, either in Directory Server or in Active Directory, remain unaffected by synchronization.
Is this meaning that we can't synchronize Active Directory custom extension attributes ? Is there any workaround to make this work ?
Not possible. See the following tickets: https://fedorahosted.org/389/ticket/179 https://fedorahosted.org/389/ticket/165 https://fedorahosted.org/389/ticket/180 https://fedorahosted.org/389/ticket/454 https://fedorahosted.org/389/ticket/150 https://fedorahosted.org/389/ticket/339
Take a look at FreeIPA and its AD Trust feature for a better alternative to windows sync.
Thanks in advance for your support.
389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
Hi,
Thanks a lot Rich for your answer. AD Trust is not what I need. I need users be present in the LDAP Directory (FreeIPA, 389 DS) because an Oracle Application is using this for LDAP authentication and also data updates (just one attribute, the custom extension attribute from AD).
Thx,
Perhaps via LSC --- http://lsc-project.org/wiki/?
________________________________________ From: Mor Ndoye [mndoye@fedoraproject.org] Sent: Tuesday, January 26, 2016 02:56 To: 389-users@lists.fedoraproject.org Subject: [389-users] Re: Synchronize Active Directory custom extension attributes to 389 DS
Hi,
Thanks a lot Rich for your answer. AD Trust is not what I need. I need users be present in the LDAP Directory (FreeIPA, 389 DS) because an Oracle Application is using this for LDAP authentication and also data updates (just one attribute, the custom extension attribute from AD).
Thx, -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
389-users@lists.fedoraproject.org