Hi guys,
a couple of questions about AD synchronization.

I read in the guide these points:
- A synchronization operation runs every five minutes.  --> I read that it
can be triggered on demand, but is it possibile to change the value of this
- Synchronization can only be configured with one Active Directory domain.
Multiple domains are not supported.  --> Do they will in a future version?
- While modifications are bi-directional (going both from Active Directory
to FreeIPA and from FreeIPA to Active Directory), new accounts are only
uni-directional. New accounts created in Active Directory are synchronized
over to FreeIPA. However, user accounts created in FreeIPA must also be
added in Active Directory before they will be synchronized.
     ---> What is the origin of this restriction? I mean, why cannot be
created a user in AD by FreeIPA?

And another question, not related to the synchronization:
- In the FreeIPA 389-ds I see used the "DUA Config Profile" objectClass. To
learn what it is I already read RFC#4876. Now I would like to have a look
at a document/draft/etc..  about his using within FreeIPA. Is it available
anywhere? If no, could someone give some explanation?

Thanks a lot as usual!
Freeipa-users mailing list

Reply via email to