Robert Sturrock via FreeIPA-users wrote: > Hi All. > > I’m exploring the use of IPA in a synchronisation (rather than trust) > arrangement with AD, as this fits a particular use-case we have here quite > well. > > Our AD is very large, so a large number of users are synchronised into IPA > and they come across by default as ‘Disabled’. This is fine - an > administrator can easily enable those who need access. > > However, the users all show up as ‘Active users’, rather than ‘Stage users’. > But it would be much better if they were ‘Stage users’ to start with, and > needed to be explicitly activated before moving into ‘Active users’. > > It seems that IPA doesn’t work this way in a synchronisation agreement? Is > there any way to configure the system so that it does?
There is no way to sync AD users as staged users. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
