hello, answering to myself: I suppose I could add another synchronization task from ou=OldPeople that deactivate the account in AD. and document that one SHALL NOT run lsc with the -c clean command
Is this the right thing to do, or is there another, better, way? TIA. regards, 2015-02-25 23:48 GMT+04:00 Jephte Clain <[email protected]>: > hello, > > I have a lsc task to synchronise users between OpenLDAP and AD > > is there a way to *deactivate* an AD user if the corresponding user in > OpenLDAP is deleted, instead of also deleting the user in AD? > > let me give a bit of context here: our directory follows the "SUPANN" > standard which mandates that the ou=People branch only contains valid > accounts. > Invalids accounts are moved into a branch named ou=OldPeople > > When an account is reactivated, it is moved again in ou=People. > > Now, when I synchronize from OpenLDAP to AD, I don't want an account > to be deleted when it's no longer in ou=People. > > Is this even possible at all? > > Thanks in advance for any ideas > With best regards, > > -- > Jephté Clain > Direction des Systèmes d'Information > et des Usages Numériques - 2IG > Tél. 0262 93 86 31 > Fax. 0262 93 81 06 -- cordialement, Jephté Clain Direction des Systèmes d'Information et des Usages Numériques - 2IG Tél. 0262 93 86 31 Fax. 0262 93 81 06 _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
