Hi, No, I dont think so. Ive asked this....you have to clean up AD / the contents of the container you are syncing.
We have 8000+ items at least 1/2 of which are not required, eg things like templates so when we sync we bring all of it across and it makes IPA a huge mess. I'd like a rule to at least block something's eg anything called template* which would help a lot. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________ From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Tovey, Mark [mto...@go2uti.com] Sent: Wednesday, 17 July 2013 7:48 a.m. To: Freeipaemail@example.com Subject: [Freeipa-users] Limit password synchronization from Active Directory Is there a way to limit what user accounts are synchronized from Active Directory? There are around 15,000 entries in our production AD system, but probably only about 300 of those need to have an account in the IPA system. Can we set an attribute in the user information in AD that would flag that this is a candidate for replication, and lack of that attribute would cause an account to be skipped? Thanks, -Mark ________________________________________________________________ Mark Tovey - UNIX Engineer | Service Strategy & Design UTi<http://www.go2uti.com/> | 400 SW Sixth Ave, Suite 1100 | Portland | Oregon | 97204 | USA mto...@go2uti.com<mailto:mto...@go2uti.com> | O / C +1 503 953-1389 | Skype: mark.tovey2
_______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users