Modifying The Synchronization Agreement; Active Directory Schema Compatibility - Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR Administrator's Manual

Table of Contents

Advertisement

The total update time shows when the last resynchronization operation completed.

Modifying the Synchronization Agreement

It is possible to modify parts of the synchronization agreement after it has been
created.
In the Configuration>Replication tab of the Directory Server Console, select the
sync agreement icon from beneath the database. There are two tabs: Summary, and
Connection.
The Summary tab allows you to change the description of the agreement. This
tab also shows the sync peer host and port information and synchronized
subtrees.
The Connection tab will let you change the bind DN and bind credentials for
the sync manager. It will also show whether this is over an SSL connection.
Finally, it shows whether new user and group entries will be created in the
Directory Server.

Active Directory Schema Compatibility

Although Active Directory supports the same basic X.500 object classes as
Directory Server, there are a few subtle incompatibilities of which administrators
should be aware:
Both Active Directory and Directory Server can enforce password policy that can
enforce certain requirements upon passwords: minimum length, maximum
age and so forth. Windows Sync does not synchronize the policies, nor does it
ensure that the policies are consistent. This is something that the
administrators of both systems must ensure is done. If password policy is not
consistent, then password changes made on one system may fail when
replayed on the other system.
Nested groups (where a group contains another group as a member) are
supported and will be synchronized. However, Active Directory imposes
certain constraints for the composition of nested groups. For example, a global
group may not be a member of a local group. Directory Server has no concept
of local and global groups, and therefore, it is possible to create entries on the
Directory Server side that will violate Active Directory's constraints when
synchronized. Again, it is the responsibility of the administrators to ensure that
this does not happen.
Active Directory Schema Compatibility
Chapter 18
Windows Sync
567

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the DIRECTORY SERVER 7.1 - ADMINISTRATOR and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

This manual is also suitable for:

Directory server 7.1

Table of Contents