16.9. Synchronizing POSIX Attributes for Users and Groups
ntGroupattributes automatically added which identify them as Windows accounts, but no POSIX attributes are synchronized over (even if they exist on the Active Directory entry) and no POSIX attributes are added on the Directory Server side.
homeDirectory) are synchronized between Active Directory and Directory Server entries. However, if a new POSIX entry or POSIX attributes are added to an existing entry in the Directory Server, only the POSIX attributes are synchronized over to the Active Directory corresponding entry. The POSIX object class (
posixAccountfor users and
posixGroupfor groups) is not added to the Active Directory entry.
16.9.1. Enabling POSIX Attribute Synchronization
- Enable the plug-in:
# dsconf -D "cn=Directory Manager" ldap://server.example.com plugin "cn=Posix Winsync API,cn=plugins,cn=config" enable
- Restart the instance:
# dsctl instance_name restartIf you enable the dynamic plug-in as described in Section 1.10.2, “Enabling Plug-ins Dynamically”, restarting the instance is not required.
16.9.2. Changing Posix Group Attribute Synchronization Settings
- Use the following command to enable the nested group mapping:
# dsconf -D "cn=Directory Manager" ldap://server.example.com plugin posix-winsync set --map-nested-grouping="true"
- Restart the Directory Server to load the new configuration.
# dsctl instance_name restart
16.9.3. Fixing Mismatched member and uniqueMember Attribute Values in posixGroup Entries
uniqueMemberattribute values in
posixGroupentries on Directory Server and Active Directory (AD) do not match, use the
dsconf plugin posix-winsync fixupcommand to fix the problem:
# dsconf -D "cn=Directory Manager" ldap://server.example.com plugin posix-winsync fixup DN
memberUidvalues on Directory Server and automatically modifies the
uniqueMemberattribute values to match the values defined in AD.
-f filterparameter to the command to specify in which entries the command should fix
memberUidattributes. Without a filter, the command operates on all entries that contain the