No, I don't think so. I've asked this... you have to clean up AD / the contents
of the container you are syncing.
We have 8000+ items, at least 1/2 of which are not required, e.g. things like
templates, so when we sync we bring all of it across and it makes IPA a huge
mess. I'd like a rule to at least block some things, e.g. anything called
template*, which would help a lot.
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Tovey, Mark [mto...@go2uti.com]
Sent: Wednesday, 17 July 2013 7:48 a.m.
Subject: [Freeipa-users] Limit password synchronization from Active Directory
Is there a way to limit what user accounts are synchronized from Active
Directory? There are around 15,000 entries in our production AD system, but
probably only about 300 of those need to have an account in the IPA system.
Can we set an attribute in the user information in AD that would flag that this
is a candidate for replication, and lack of that attribute would cause an
account to be skipped?
Mark Tovey - UNIX Engineer | Service Strategy & Design
UTi <http://www.go2uti.com/> | 400 SW Sixth Ave, Suite 1100 | Portland | Oregon
| 97204 | USA
mto...@go2uti.com | O / C +1 503 953-1389 | Skype:
Freeipa-users mailing list