Home Explore Help
Register Sign In
Apq
/
389-ds-base
mirror of https://github.com/389ds/389-ds-base.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: a4ca0cc6b0
Branches Tags
389-ds-base
/
ldap
/
servers
/
plugins
/
posix-winsync
/
README

README 2.2 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950 
  1. This is a winsync plugin for the 389 directory server. http://port389.org
    2. 

  2. 

  3. The Posix Winsync Plugin syncs Posix attributes between 389 DS and MS
    4. 

  4. AD for users and groups, if the attributes are available in one of the
    5. 

  5. tow worlds. For syncing from AD to DS it will add the objectclass
    6. 

  6. posixAccount and ShadowAccount or posixGroup for the ldap entry.
    7. 

  7. For sync a user or group from DS to AD AD needs a nisdomain name, the
    8. 

  8. nisdomin name I have stored in the upper container of the users and
    9. 

  9. groups, e.g.:
    10. 

  10. dn: dc=example,dc=dom
    11. 

  11. nisDomain: example
    12. 

  12. objectClass: top
    13. 

  13. objectClass: domain
    14. 

  14. objectClass: nisdomainobject
    15. 

  15. dc: example
    16. 

  16. It can be stored in any container above the user and group container
    17. 

  17. and below the replicated DS subtree.
    18. 

  18. The MSFU35 and the RFC2307 schema of AD is supported, but must
    19. 

  19. configured in the plugin.  User lock/unlock will sync and lock the user
    20. 

  20. on DS with nsmanageddisabledrole.  The code is borrowed from the
    21. 

  21. freeIPA project.
    22. 

  22. It is also possible to generate memberUid Attributes in Posix Groups
    23. 

  23. corresponding the group members, if the members are Posix Users.
    24. 

  24. After syncing from AD with a change in group membership, it will
    25. 

  25. schedule a 'Member of Plugin' task, so that users get the memberOf
    26. 

  26. attributes. For that the posix user get the objectclass inetUser
    27. 

  27. 

  28. Configuration
    29. 

  29. 

  30. The configuration entry DN is cn=Posix Winsync API,cn=plugins,cn=config
    31. 

  31. 

  32. there are 4 Config attributes:
    33. 

  33. 

  34. posixWinsyncMsSFUSchema -- set this true for the old MSFU schema on W2k3 AD's
    35. 

  35. 	default: false
    36. 

  36. 

  37. posixWinsyncMapMemberUID -- set this false, if you don't want generate memberUid attributs in posix Groups
    38. 

  38. 	default: true
    39. 

  39. 

  40. posixWinsyncCreateMemberOfTask -- create a task for the member of plugin to
    41. 

  41. 	generate the memberOf attributes in a user, if a group membership in
    42. 

  42. 	any user is changed while syncing. The postop-/preop plugins will not
    43. 

  43. 	called through winsync, thats why create a task.
    44. 

  44. 	default: false
    45. 

  45. 

  46. posixWinsyncLowerCaseUID: some customers use uppercase letters in samAccountName
    47. 

  47.  	which is mapped to uid. uid should be case insensitve and works on
    48. 

  48. 	Unix/Linux for users, but makes problems with supplementary groups (a least on Solaris)
    49. 

  49. 	so you can set this to true, so that memberUid attributes will convert to lowercase.
    50. 

  50. 	default: false
    51.