Jason Beavers wrote:
Hi All,
Probably been asked before but i didn't quite find the answer i was
looking for by searching.
Is it possible to configure a Unidirectional Windows Sync agreement?
Scenario:
Large Enterprise with fully deployed Windows AD
We would like to develop an application that runs off of Fedora DS,
and allows the users to login using their normal AD credentials.
We'll be storing alot of application specific data about each user,
(preferences, settings, etc) in FedoraDS and are prohibited from
writing anything back to AD.
Which pretty much rules out modifying the AD schema, or writing
changes back to AD (corporate mandate, don't ask).
So basically what i'm asking is whether its possible to configure
Windows Sync such that Users (and passwords) can be sync'd over from
AD to FDS but not the other way around.
This way all user management (creation, password changes, etc) always
happens in AD and we only sync over the authentication credentials,
leaving the other stuff to FDS.
Make sense? Thoughts?
It's not directly supported, but I suppose you could
have your AD
administrator create a special admin user that had read/search rights
over the AD tree but not update/write rights. Then Fedora DS could read
the info from AD but not right any back. I don't know if this would
make Fedora DS blow up because it would get lots of errors attempting to
write updates to AD.
Thanks in advance
------------------------------------------------------------------------
Never miss a thing. Make Yahoo your homepage.
<
http://us.rd.yahoo.com/evt=51438/*http://www.yahoo.com/r/hs>
------------------------------------------------------------------------
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users