Thanks Rich, I am able to create a successful winsync agreement from the top level.
Unfortunately, when I do this. I do not see any of the accounts from the sub trees populate my ipa server. Is it possible to have all the subtrees (ous) live under cn=users. If I make this change to AD would IPA then sync all the accounts from the subtrees? I cant believe I am the first person with this issue or need. Thanks again in advance. From: Rich Megginson [mailto:rmegg...@redhat.com] Sent: Monday, March 17, 2014 2:44 PM To: Todd Maugh; email@example.com Subject: Re: [Freeipa-users] Has one successfully synched the entirety of their AD to IPA (multiple OUs and or Subtrees) On 03/17/2014 03:33 PM, Todd Maugh wrote: I'm trying to sync all of my AD to IPA, I don't need to retain any of the original windows directory structure once in IPA. I cannot find where to set ipaWinSyncUserFlatten to true (so I'm assuming it's on true by default) Yes, it is true by default. dn: cn=ipa-winsync,cn=plugins,cn=config I really need to be able to sync more than just the cn=users subtree There really isn't explicit support for this. If it doesn't work to set your AD subtree to your root suffix (e.g. dc=domain,dc=com), then it's simply not going to work until 389 adds support for that. And I can find no documentation or help on line. Because there probably isn't any. Has anyone had any success or practice with this? See above. Thanks -Todd Todd Maugh Sr System Engineer Boingo Wireless tma...@boingo.com<mailto:tma...@boingo.com> _______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org<mailto:Freeipaemail@example.com> https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users