On 02/10/2012 01:46 PM, Rich Megginson wrote: > On 02/10/2012 11:41 AM, Dmitri Pal wrote: >> On 02/10/2012 10:28 AM, Rich Megginson wrote: >>> On 02/10/2012 04:01 AM, David Juran wrote: >>>> Hello >>>> >>>> I wonder if it's somehow possible to sync AD-users more selectively >>>> then >>>> just by sub-tree. In my case, I'm dealing with a very large >>>> organisation >>>> where the users that are to be synced to IPA aren't grouped by a >>>> subtree >>>> in AD but rather spread out. Can this be handled somehow? >>>> >>> I don't think so, but can you provide some examples? >>> >>> _______________________________________________ >>> Freeipa-users mailing list >>> Freeipaemail@example.com >>> https://www.redhat.com/mailman/listinfo/freeipa-users >> Rich, can one create two different winsync agreements that use different >> sub trees on the AD side? > Yes, if they also use two different sub trees on the IPA side. > Otherwise, you have two different winsync agreements covering the same > ipa subtree - I have no idea what would happen.
If the users are different then there should be no collision. Are you concerned about two winsyncs stepping on each other in terms of keeping the view (persistent search or something like) at IPA data consistent? >> If there anything that would prevent it to >> work? May be it should be done from 2 IPA replicas? > You might still have problems with that scenario, just delayed. That > is, the ipa subtree is the same on both replicas, so you still have > the same problem, just delayed by the speed of replication. > > The only way to know for sure would be to get some concrete examples, > then try it out. -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users