Apparently synchronizing new users down from AD didn't work as the
account didn't have uidNumber added, an attribute required by the
posixAccount objectclass.

This fixes new users synchronization.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
>From 060e3bd7bc5e073ab2ee8be856a880fecd69bed9 Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Fri, 25 Feb 2011 17:00:24 -0500
Subject: [PATCH 4/8] Fix user synchronization.

We need to set uidNumber and gidNumber to the magic values so that DNA can
assign appropriate Ids, otherwise the synchronization of users from AD will
fail with an error about posixAccount requiring a missing (uidNumber)
attribute.

Fixes: https://fedorahosted.org/freeipa/ticket/1020
---
 .../ipa-winsync/ipa-winsync-conf.ldif              |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif
index e1e397f9054c6bef2ee295c314195a5249a6560e..42026221d19133bba733114c388227635469ac90 100644
--- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif
+++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif
@@ -26,3 +26,5 @@ ipaWinSyncAcctDisable: both
 ipaWinSyncInactivatedFilter: (&(cn=inactivated)(objectclass=groupOfNames))
 ipaWinSyncActivatedFilter: (&(cn=activated)(objectclass=groupOfNames))
 ipaWinSyncForceSync: true
+ipaWinSyncUserAttr: uidNumber 999
+ipaWinSyncUserAttr: gidNumber 999
-- 
1.7.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to