On 09/27/2012 02:57 PM, Steven Jones wrote:
Hi,

Yes existing IPA users....all users that are in AD lose ipausers AND any IPA 
user groups they were assigned to in IPA before the winsync takes place.

So to be clear (I hope),

After the winsync any IPA user NOT in AD stays in ipausers and their assigned 
IPA groups and works normally.

After the winsync any pre-sync user in IPA and AD loses ALL IPA user group 
membership not just ipauser....and is not working.

Ok.  This is a new issue.


After the winsync any user not until then in IPA but synced over from AD does 
not end up in ipausers (which was my understanding what was meant to happen).  
That actually is no biggee...
Right, this is https://fedorahosted.org/freeipa/ticket/2324

So I lost 80% of my user setup, its a lot bigger issue than "not added to 
ipauser" group.

:(

Fortunately its a cloned virtual test bed....and not production.....ouch...

This and not bringing over all users because the user can have a sub-folder for 
mobile phone sync so gets wiped by the previous bug we discussed are total show 
stoppers for our IPA and RHEL desktop deployment,
This is a new one, perhaps I missed it. If an AD user has a sub-folder, that user is not synced to IPA, and due to #355 winsync should not delete entry that appears to be out of scope it then is deleted from IPA?

In this case, should winsync sync the sub-folder, or ignore it, and just sync the user entry?

Which seems to imply not this year?

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: Rich Megginson [rmegg...@redhat.com]
Sent: Friday, 28 September 2012 4:08 a.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] winsync agreement transferred users not going into 
ipausers and existing users dropped from all their groups

On 09/26/2012 03:17 PM, Steven Jones wrote:
Is this expected?
Ticket #2324 AD Users synced to IPA server are not added to "ipausers" group
https://fedorahosted.org/freeipa/ticket/2324

By "existing users" do you mean existing users in IPA?  Are these users
synced with entries in AD?

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to