https://bugzilla.redhat.com/show_bug.cgi?id=746646
In RHDS 8.2 (and 9.0 AFAIK), the only real way to limit which users and groups to synchronise from AD into RHDS is via writing a plugin. It is possible only to synchronise a specific AD sub-tree, but this doesn't work if the AD users and groups to sync are laid out all over the AD tree. It would be really nice to be able to configure, per sync agreement, two LDAP filters which enabled winsync only to pull in certain AD users and certain groups, e.g. those matching certain criteria (e.g. AD groups within a certain set of CNs/OUs; AD users with a certain attribute set indicating synchronisation required). The end user aim of this would be to prevent sprawling AD groups making an RHDS server messy or prevent the security risk of synchronising unwanted user accounts to RHDS.
batch update moving tickets to future
set default ticket origin to Community
Added initial screened field value.
This is being addressed in ticket#460. Closing this as a duplicate.
Metadata Update from @rmeggins: - Issue set to the milestone: N/A
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/178
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Duplicate)
Login to comment on this ticket.