Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: robb on October 03, 2013, 07:04:30 pm

Title: Moving accounts / OU along the LDAP tree
Post by: robb on October 03, 2013, 07:04:30 pm
As far as I can see, there is currently no option to move an account from 1 OU to another, or move OU's to another location on the LDAP tree.
So I have a few questions to make shed some light on this:
- Is it possible to move accounts from 1 OU to another?
- Do you have to use 3rd party tools?
- If so, what tools are qualified and/or recommended to do this?
- Can this be done with both Windows and Linux clients/software?

Reasoning behind these question:
Imagine you have multiple locations and you want to implement replication between those locations in a scheduled way. The 'Microsoft way' is to create sites. Now imagine a collegue is working on 1 location and will be transferred to another location. His account should get transferred to that new location too otherwise profile and home directory will use a lot of slow WAN links making it a horrible experience for the user. Obviously mail, profile and files should remain available so delete-and-recreate the account is no option.

I hope Julien, Josh or Samuel can respond on this.
Title: Re: Moving accounts / OU along the LDAP tree
Post by: christian on October 03, 2013, 07:58:19 pm
I would be surprised if it can't be done using any LDAP management interface in case you run Zentyal without file sharing (Samba).
With file sharing deployed, as I don't know how synchro between the 2 LDAP servers works, there is perhaps some side effect.
For those having test platform, this is very easy to test it.

What is more surprising is that such feature is not part of Zentyal interface  :o
Title: Re: Moving accounts / OU along the LDAP tree
Post by: jjmontes on November 18, 2013, 06:33:11 pm
I would be surprised if it can't be done using any LDAP management interface in case you run Zentyal without file sharing (Samba).
With file sharing deployed, as I don't know how synchro between the 2 LDAP servers works, there is perhaps some side effect.
For those having test platform, this is very easy to test it.

With file sharing this doesn't work correctly. "Users and Groups" tool shall be used (or ideally, Zentyal interface would support this), but the sync process shows a warning. This requires some extra development: see Feature Request http://forum.zentyal.org/index.php/topic,18835.0.html .