On 07/16/2013 01:48 PM, Tovey, Mark wrote:


Is there a way to limit what user accounts are synchronized from Active Directory? There are around 15,000 entries in our production AD system, but probably only about 300 of those need to have an account in the IPA system. Can we set an attribute in the user information in AD that would flag that this is a candidate for replication, and lack of that attribute would cause an account to be skipped?


No. The only thing you can do is create a special container (cn=IPA users or ou=IPA users or something like that), move the users you want to sync into that container, and sync only that container.

    Thanks,

    -Mark

**

*________________________________________________________________*

*Mark Tovey - UNIX Engineer | Service Strategy & Design*

UTi <http://www.go2uti.com/> | 400 SW Sixth Ave, Suite 1100 | Portland | Oregon | 97204 | USA

mto...@go2uti.com <mailto:mto...@go2uti.com> | O / C +1 503 953-1389 | Skype: mark.tovey2



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to