4.15. Posix Winsync API Plug-in Attributes

By default, POSIX-related attributes are not synchronized between Active Directory and Red Hat Directory Server. On Linux systems, system users and groups are identified as POSIX entries, and the LDAP POSIX attributes contain that required information. However, when Windows users are synced over, the ntUser and ntGroup attributes are automatically added to identify them as Windows accounts, but no POSIX attributes are synced over (even if they exist on the Active Directory entry), and no POSIX attributes are added on the Directory Server side.
The Posix Winsync API Plug-in synchronizes POSIX attributes between Active Directory and Directory Server entries.

Note

All POSIX attributes (such as uidNumber, gidNumber, and homeDirectory) are synchronized between Active Directory and Directory Server entries. However, if a new POSIX entry or POSIX attributes are added to an existing entry in the Directory Server, only the POSIX attributes are synchronized over to the corresponding Active Directory entry. The POSIX object class (posixAccount for users and posixGroup for groups) is not added to the Active Directory entry.
This plug-in is disabled by default and must be enabled before any POSIX attributes will be synchronized from the Active Directory entry to the Directory Server entry.

4.15.1. posixWinsyncCreateMemberOfTask

This attribute sets whether to run the memberOf fix-up task immediately after a sync run in order to update group memberships for synced users. This is disabled by default because the memberOf fix-up task can be resource-intensive and cause performance issues if it is run too frequently.
Parameter Description
Entry DN cn=Posix Winsync API Plugin,cn=plugins,cn=config
Valid Range true | false
Default Value false
Example posixWinsyncCreateMemberOfTask: false

4.15.2. posixWinsyncLowerCaseUID

This attribute sets whether to store (and, if necessary, convert) the UID value in the memberUID attribute in lower case.
Parameter Description
Entry DN cn=Posix Winsync API Plugin,cn=plugins,cn=config
Valid Range true | false
Default Value false
Example posixWinsyncLowerCaseUID: false

4.15.3. posixWinsyncMapMemberUID

This attribute sets whether to map the memberUID attribute in an Active Directory group to the uniqueMember attribute in a Directory Server group.
Parameter Description
Entry DN cn=Posix Winsync API Plugin,cn=plugins,cn=config
Valid Range true | false
Default Value true
Example posixWinsyncMapMemberUID: false

4.15.4. posixWinsyncMapNestedGrouping

The posixWinsyncMapNestedGrouping parameter controls whether nested groups are updated when memberUID attributes in an Active Directory POSIX group change. Updating nested groups is supported up to a depth of five levels.
Parameter Description
Entry DN cn=Posix Winsync API Plugin,cn=plugins,cn=config
Valid Range true | false
Default Value false
Example posixWinsyncMapNestedGrouping: false

4.15.5. posixWinsyncMsSFUSchema

This attribute sets whether to use the older Microsoft System Services for Unix 3.0 (msSFU30) schema when syncing POSIX attributes from Active Directory. By default, the Posix Winsync API Plug-in uses the POSIX schema for modern Active Directory servers: 2005, 2008, and later versions. There are slight differences between the modern Active Directory POSIX schema and the POSIX schema used by Windows Server 2003 and older Windows servers. If an Active Directory domain is using the older-style schema, then the older-style schema can be used instead.
Parameter Description
Entry DN cn=Posix Winsync API Plugin,cn=plugins,cn=config
Valid Range true | false
Default Value false
Example posixWinsyncMsSFUSchema: true
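
The following Python sketch is an added example, not part of the original documentation. It reads the plug-in entry from an LDIF export and reports the effective value of each of the five attributes above, falling back to the documented default when an attribute is absent and flagging values outside the valid range. The sample LDIF is constructed, the function names are hypothetical, and nsslapd-pluginEnabled (the generic Directory Server plug-in switch, not described on this page) is assumed to hold on or off.

```python
# Added example. Defaults are those documented in sections 4.15.1 to 4.15.5.
DEFAULTS = {
    "posixwinsynccreatememberoftask": "false",
    "posixwinsynclowercaseuid": "false",
    "posixwinsyncmapmemberuid": "true",
    "posixwinsyncmapnestedgrouping": "false",
    "posixwinsyncmssfuschema": "false",
}
PLUGIN_DN = "cn=posix winsync api plugin,cn=plugins,cn=config"
BOOL = {"true": True, "false": False}  # assumption: values compared case-insensitively

# Constructed sample: a folded DN line, an out-of-range value, mixed-case names.
SAMPLE_LDIF = """\
dn: cn=Posix Winsync API Plugin,cn=plugins,
 cn=config
objectClass: nsSlapdPlugin
nsslapd-pluginEnabled: on
posixWinsyncMsSFUSchema: TRUE
posixWinsyncLowerCaseUID: yes
posixwinsyncmapmemberuid: false

dn: cn=Other Plugin,cn=plugins,cn=config
posixWinsyncMsSFUSchema: false
"""

def parse_entries(ldif):
    """Yield (dn, attrs) per entry, unfolding LDIF continuation lines."""
    for block in ldif.replace("\n ", "").split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs[name.strip().lower()] = value.strip()
        if "dn" in attrs:
            yield attrs.pop("dn").lower(), attrs

def audit(ldif):
    """Return (enabled, effective settings, attributes with invalid values)."""
    for dn, attrs in parse_entries(ldif):
        if dn == PLUGIN_DN:
            effective = {n: BOOL.get(attrs.get(n, d).lower()) for n, d in DEFAULTS.items()}
            invalid = sorted(n for n, v in effective.items() if v is None)
            # nsslapd-pluginEnabled is the generic plug-in switch (not on this page).
            enabled = attrs.get("nsslapd-pluginenabled", "off").lower() == "on"
            return enabled, effective, invalid
    raise LookupError("Posix Winsync API Plugin entry not found")

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```

A value of None in the returned settings marks an attribute whose stored value is neither true nor false; how the server treats such a value is not stated on this page, so the script only reports it.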