Daniel Shackelford wrote: > I am using FDS 1.0.1, syncing with AD. User sync works just fine. I > have a separate sync agreement for groups, but membership does not > seem to be synced... > I do get errors that look like this: > > [09/Jan/2006:15:43:58 -0500] NSMMReplicationPlugin - > agmt="cn=ADGroupSYnc" (bsod:636): windows_replay_update: failed to > fetch local entry for modify operation > dn="uid=teststudent,ou=students,ou=people,dc=arbor,dc=edu" > > And some like this: > > [09/Jan/2006:15:40:45 -0500] - slapi_modify_internal_set_pb: NULL > parameter > [09/Jan/2006:15:40:45 -0500] - allow_operation: component identity is > NULL > > > And a couple of these: > [09/Jan/2006:15:40:41 -0500] - Entry > "cn=testgroup,ou=portal,ou=uGroups, dc=arbor,dc=edu" -- attribute > "mail" not allowed > [09/Jan/2006:15:40:41 -0500] NSMMReplicationPlugin - > windows_update_local_entry: failed to modify entry > cn=testgroup,ou=portal,ou=uGroups, dc=arbor, dc=edu > > Any insight? > Hmm...yes. Unfortunately when I said earlier that this two agreement scheme would work, I was smoking crack. I forgot that we have a check on the group members : we don't sync members that are not also subject to the sync agreement. It has no way to know that you have those members sync'ed with another agreement, and hence assumed that they're not sync'ed. This will mean that it will refuse to sync any group content.
