Hi, You can specify a --winsubtree, provided all the users you want are in that, I think that will work.
For filters, Ive suggested that, we have so much garbage in our AD that its cluttering IPA badly. eg we have hundred templates, so I'd like to block those from being transferred. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________________ From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Dag Wieers [d...@wieers.com] Sent: Thursday, 14 February 2013 3:58 a.m. To: freeipa-users@redhat.com Subject: [Freeipa-users] RHEL6 IPA and Active Directory synchronisation and Solaris RBAC Hi, We are investigating whether IPA is an acceptable solution for our environment. One of the aspects that is not clear (from reading the documentation and testing it without AD) is whether the synchronization with AD can be limited to a subset. Since we would like to only synchronize certain user-accounts (conforming to a specific format) from AD unidirectionally, and we also want to manage functional/technical accounts on IPA, we need to make sure that we: - can filter the stuff we pull from AD - can avoid the synchronisation to remove other accounts managed in IPA Can someone confirm that this is possible ? Is there any indepth information on how this AD sycnhronization works (preferably about RHEL6 IPA) ? Also since we also require compatibility with Solaris, and roles (RBAC) is currently used on Solaris, does IPA support RBAC on Solaris ? (We noticed that RBAC mentioned in the IPA web interface only relates to IPA management). Thanks in advance, -- -- dag wieers, d...@wieers.com, http://dag.wieers.com/ -- dagit linux solutions, i...@dagit.net, http://dagit.net/ [Any errors in spelling, tact or fact are transmission errors] _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
