Apq/389-ds-base: 域控 @ 18c6029f64c48b330a101cbadceb8293d39bf5e2

ИН на ревизия: 18c6029f64

389-ds-base-1.2.11

389-ds-base-1.3.10

389-ds-base-1.3.11

389-ds-base-1.3.2

389-ds-base-1.3.3

389-ds-base-1.3.4

389-ds-base-1.3.5

389-ds-base-1.3.6

389-ds-base-1.3.7

389-ds-base-1.3.8

389-ds-base-1.3.9

389-ds-base-1.4.0

389-ds-base-1.4.1

389-ds-base-1.4.2

389-ds-base-1.4.3

389-ds-base-1.4.4

389-ds-base-2.0

389-ds-base-2.1

389-ds-base-2.2

389-ds-base-2.3

389-ds-base-2.4

389-ds-base-2.5

389-ds-base-2.6

389-ds-base-2.7

389-ds-base-3.0

dependabot/npm_and_yarn/src/cockpit/389-console/js-yaml-4.1.1

main

Noriko Hosoi 2c484cc6e8 Ticket #48223 - Winsync fails when AD users have multiple spaces (two)inside the value of the rdn attribute		преди 10 години
..
README	34eea5d06d Ticket #426 - support posix schema for user and group sync	преди 13 години
posix-group-func.c	2c484cc6e8 Ticket #48223 - Winsync fails when AD users have multiple spaces (two)inside the value of the rdn attribute	преди 10 години
posix-group-func.h	8d5410e2e0 Ticket #47770 - #481 breaks possibility to reassemble memberuid list	преди 11 години
posix-group-task.c	0cfda18c12 Ticket #48005 - ns-slapd crash in shutdown phase	преди 10 години
posix-winsync-config.c	817bc41e64 Ticket #48032,48033 - change C code license to GPLv3; change C code license to allow openssl	преди 10 години
posix-winsync.c	9300e96ae0 Ticket #48001 - ns-activate.pl fails to activate account if it was disabled on AD	преди 10 години
posix-wsp-ident.h	8d5410e2e0 Ticket #47770 - #481 breaks possibility to reassemble memberuid list	преди 11 години

		
			
			
				README
			
		
		
	
			
				This is a winsync plugin for the 389 directory server. http://port389.org

The Posix Winsync Plugin syncs Posix attributes between 389 DS and MS
AD for users and groups, if the attributes are available in one of the
tow worlds. For syncing from AD to DS it will add the objectclass
posixAccount and ShadowAccount or posixGroup for the ldap entry.
For sync a user or group from DS to AD AD needs a nisdomain name, the
nisdomin name I have stored in the upper container of the users and
groups, e.g.:
dn: dc=example,dc=dom
nisDomain: example
objectClass: top
objectClass: domain
objectClass: nisdomainobject
dc: example
It can be stored in any container above the user and group container
and below the replicated DS subtree.
The MSFU35 and the RFC2307 schema of AD is supported, but must
configured in the plugin.  User lock/unlock will sync and lock the user
on DS with nsmanageddisabledrole.  The code is borrowed from the
freeIPA project.
It is also possible to generate memberUid Attributes in Posix Groups
corresponding the group members, if the members are Posix Users.
After syncing from AD with a change in group membership, it will
schedule a 'Member of Plugin' task, so that users get the memberOf
attributes. For that the posix user get the objectclass inetUser

Configuration

The configuration entry DN is cn=Posix Winsync API,cn=plugins,cn=config

there are 4 Config attributes:

posixWinsyncMsSFUSchema -- set this true for the old MSFU schema on W2k3 AD's
	default: false

posixWinsyncMapMemberUID -- set this false, if you don't want generate memberUid attributs in posix Groups
	default: true

posixWinsyncCreateMemberOfTask -- create a task for the member of plugin to
	generate the memberOf attributes in a user, if a group membership in
	any user is changed while syncing. The postop-/preop plugins will not
	called through winsync, thats why create a task.
	default: false

posixWinsyncLowerCaseUID: some customers use uppercase letters in samAccountName
 	which is mapped to uid. uid should be case insensitve and works on
	Unix/Linux for users, but makes problems with supplementary groups (a least on Solaris)
	so you can set this to true, so that memberUid attributes will convert to lowercase.
	default: false

			
		