Posix for DS users created by IdSync.

Hello,

I have the following installed and configured on a Solaris10 (x86) box:

Directory Server 5 2005Q4 (5.2 P4)

Identity Synchronization for Windows 1 2004Q3 SP1

I have a Windows AD server in production which has all users. I created an SUL to create/sync them with DS. I didn't create any user in DS to begin with. Just ran

/opt/SUNWisw/bin/idsync resync -c -w <passwd> -q <passwd> -i ALL_USERS

which created the users on DS side. But none of them has the POSIX enabled and no data in the fields such as uid/gid/home/shell etc. And thus no user can login to unix environment. I tried enabling and entering fields for a test user and he could login.

How do I enable the POSIX for all users? Also, can I enter the POSIX fields for users using command line? My Windows Admin says he is not able to figure out how to enter these from the AD side.

Any help would be greatly appreciated.

Thanks,

Deva.

[979 byte] By [dkaralil] at [2007-11-26 11:24:47]
# 1

if the posixAccount/shadowAccount info do not exist in AD then they will not be sync'd to the SunDS. given that you don't need these attributes/object types in AD there really is no need to sync them.

i'd recommend that you create these accounts on the SunDS side and sync only attributes that you need. you also stated that you're doing this against a production AD controller, if this is the case then it is a really bad idea. you might inadvertently nuke all of your production users. i'd setup a VMware image with a test AD server running and do all of your testing against that. this way if/when something goes wrong it doesn't matter.

darinp at 2007-7-7 3:40:18
# 2

your windows admin should read this:

http://www.microsoft.com/technet/interopmigration/unix/sfu/default.mspx

as far as i know, windows 2003 server rc2 already has the required objectclasses in AD

the other way is to add the posix attributes for each user on sun one ds 5.2 side after the initial sync.

obogosavljevic at 2007-7-7 3:40:18
# 3

Thanks a lot for the replies.

I got this working. My Windows Admin finally figured out that he can enter uid, primaryGID, homedirectory in AD side. I then matched the following as the object creation attributes on ISW

DS -> AD

uidnumber-->uid

gidnumber-->primarygroupid

homedirectory-->homedirectory

After that, I could see the posix enabled for newly created users. I am going to add the shell/gecos etc. using a script.

Thanks to both of you.

Deva.

dkaralil at 2007-7-7 3:40:18
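
The DS-side approach mentioned in replies #2 and #3 (adding the POSIX attributes after the initial sync with a script), sketched as an added example that is not code from any poster in this thread. It builds ldapmodify input for entries that lack posixAccount, never reuses a uidNumber that is already taken, and skips uid values that are not safe inside a home directory path. The starting uidNumber, gid, shell, home root, login-name pattern and sample entries are all assumptions constructed for illustration.

```python
import base64
import re

# Assumption: conservative login-name pattern, so uid is safe inside a path.
SAFE_UID = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

def ldif_attr(name, value):
    """One LDIF line; base64-encode values that are not plain safe strings."""
    safe = (value.isascii() and value.isprintable()
            and value[:1] not in (" ", ":", "<") and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def posix_ldif(entries, first_uid=10000, gid=100, shell="/bin/sh", home_root="/export/home"):
    """Return (ldapmodify input, [(dn, reason skipped)]) for non-POSIX entries."""
    used = {int(e["uidNumber"]) for e in entries if e.get("uidNumber")}
    next_uid, records, skipped = first_uid, [], []
    for e in entries:
        if "posixaccount" in {c.lower() for c in e.get("objectClass", [])}:
            skipped.append((e["dn"], "already posixAccount"))
            continue
        if not SAFE_UID.fullmatch(e.get("uid", "")):
            skipped.append((e["dn"], "uid not usable as a login name or path"))
            continue
        while next_uid in used:  # never assign one uidNumber to two users
            next_uid += 1
        used.add(next_uid)
        records.append("\n".join([
            ldif_attr("dn", e["dn"]), "changetype: modify",
            "add: objectClass", "objectClass: posixAccount", "-",
            "add: uidNumber", f"uidNumber: {next_uid}", "-",
            "add: gidNumber", f"gidNumber: {gid}", "-",
            "add: homeDirectory", ldif_attr("homeDirectory", f"{home_root}/{e['uid']}"), "-",
            "add: loginShell", ldif_attr("loginShell", shell), "-",
        ]))
    return "".join(r + "\n\n" for r in records), skipped

# Constructed sample entries, shaped like an export of the synced users.
SAMPLE = [
    {"dn": "uid=jdoe,ou=People,dc=example,dc=com", "uid": "jdoe",
     "objectClass": ["top", "person", "inetOrgPerson"]},
    {"dn": "uid=asmith,ou=People,dc=example,dc=com", "uid": "asmith",
     "objectClass": ["inetOrgPerson", "posixAccount"], "uidNumber": "10000"},
    {"dn": "uid=Bob Jones,ou=People,dc=example,dc=com", "uid": "Bob Jones",
     "objectClass": ["inetOrgPerson"]},
]

if __name__ == "__main__":
    print(posix_ldif(SAMPLE)[0])
```

The skipped list is worth reviewing before the generated LDIF is applied, since those entries need a manual decision rather than an automatic uidNumber.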