FWIW, the same thing happened to me when we setup our FDS-AD sync agreements. I can't say definitely, but the problem went away after we stopped using the Fedora Console for user and group management. We wrote our own tools to manage the directory data, and the disappearing users problem went away. I'm not saying that the console is the cause, just throwing that out there. Good luck. -richard On 4/5/07 4:13 PM, "Kris S. Amundson" <krisa at opensourcery.com> wrote: > So I got the Windows Sync Agreement working. > > Windows side: > cn=Users,dc=foo,dc=org > > FDS side: > ou=Users,l=Portland,c=US,dc=foo,dc=org > > SSL certs are properly exchanged between the two, user passwords sync > correctly, and accounts removed or added on either side are sync'd > correctly. > > Then suddenly less than 24hrs later, users on the ADS side suddenly > start being removed from email distribution groups. Client panics and > shuts down the FDS server, which appears to be the only change in the > last few days. The accounts had been stable for much time. > > Aside from asking the obvious of what would cause this, I'm curious > where I should start hunting (log level tweaks.. ADS logs, etc). > > Here are some errors I found on the ADS side. These might be the client > correcting the errors, not the original error itself: > > errors:[04/Apr/2007:09:44:53 -0700] - add value > "uid=Finintern,ou=Users,l=Portland,c=US, dc=foo,dc=org" to > attribute type "uniqueMember" in entry > "cn=FINANCE,ou=Users,l=Portland,c=US, dc=foo,dc=org" failed: > value exists > > errors:[04/Apr/2007:10:54:53 -0700] - add value > "uid=Finintern,ou=Users,l=Portland,c=US, dc=foo,dc=org" to > attribute type "uniqueMember" in entry > "cn=MAS90,ou=Users,l=Portland,c=US, dc=foo,dc=org" failed: value > exists > > errors:[04/Apr/2007:11:54:53 -0700] - add value > "uid=sharrison,ou=Users,l=Portland,c=US, dc=foo,dc=org" to > attribute type "uniqueMember" in entry "cn=Raisers > Edge,ou=Users,l=Portland,c=US, dc=foo,dc=org" failed: value exists
