Scott Boggs wrote:
I am interested in knowing if anyone is using the PassSync
functionality in only one direction, making the Fedora-DS a consumer
only to the Active Directory server. I am only interested in
populating the Fedora-DS with the user account information and
passwords; there is no need for me to go in the other direction. With
that in mind, would I still create a 'Single Master' replication
configuration or is there an alternate method since the Fedora-DS is
really only the consumer and not a supplier? My guess is that a
'Single Master' configuration will still have to be created since the
winsync code builds off the replication plug-in. If it turns out that
the Fedora-DS must be a supplier, is there any method to stop the
Fedora-DS from expecting the Active Directory system to have correctly
sync'd databases?
If you _only_ need passwords propagated from AD to FDS, then you can
simply install only the PassSync service,
and not configure any WinSync replication agreement.
If you need that plus inbound sync updates from AD to FDS (e.g. new
users, non-password attribute changes),
then you can achieve the desired functionality only with a code change.
It'd be a very simple code change
I think though : just find the place where changelog records are read
and processed for sending to AD.
Comment out that code. I can't think of a reason why disabling outbound
updates would break any of the
inbound functionality, but I've only thought about it for a few minutes...