O.K., so I'm guessing there are certain required object classes and attributes, and some that are not allowed. I tried to populate the Active Directory using Windows Sync, but it didn't work. Then I took the ldif file I used to populate the DS and tried to import it into AD, but that didn't work either. I found that if I changed some object classes and attributes, the ldif would import into AD, but not into DS. And they would not sync.

For instance, "objectclass: user" does not import into DS, but is required for AD. And "objectclass: inetOrgPerson" imports into DS, but not into AD. So if I have some object classes and attributes required for AD that are not allowed in DS, and vice-versa, how can I make Windows Sync work?

I'm sure I'm missing something here. I'm including sample ldif entries from each import below. Thanks. -Glenn.

AD-compatible entry:

dn: cn=Peter Apostle,ou=Domain Users,dc=ad,dc=example,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: user
sn: Apostle
cn: Peter Apostle
SAMAccountName: PApostle
userPrincipalName: papostle at ad.example.com
mail: papostle at ad.example.com
facsimiletelephonenumber: 817-531-4806
title: Electronic Reference Librarian
givenname: Peter
businesscategory: EJW Library
roomnumber: EJW Library
employeenumber: 1234567
departmentnumber: Provost
telephonenumber: 817-555-4802
userpassword: {SHA}8/P0XfVT5t9GpNL8MNPH+jdPGA0=
description: Reference Librarian
scriptPath: twu_script.bat
uid: abaker

DS-compatible entry:

dn: cn=Peter Apostle,ou=People,o=example.com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
sn: Apostle
cn: Peter Apostle
mail: papostle at ad.example.com
facsimiletelephonenumber: 817-555-4806
title: Electronic Reference Librarian
givenname: Peter
businesscategory: EJW Library
roomnumber: EJW Library
employeenumber: 1234567
departmentnumber: Provost
telephonenumber: 817-555-4802
userpassword: {SHA}8/P0XfVT5t9GpNL8MNPH+jdPGA0=
description: Reference Librarian
uid: papostle

---------- Original Message -----------
From: David Boreham <david_list at boreham.org>
To: "General discussion list for the Fedora Directory server project." <fedora-directory-users at redhat.com>
Sent: Tue, 02 Jan 2007 10:01:33 -0700
Subject: Re: Windows Sync Errors

> Glenn wrote:
>
> >Hello again. I'm still trying to get Windows Sync working between Directory
> >Server 7.1sp3 and Active Directory on a Windows 2003 server. I thought I
> >would narrow down the problem by trying to add a user in the DS and see if it
> >would replicate to AD. It does not, and the error message is:
> >
> >[02/Jan/2007:09:58:31 -0600] NSMMReplicationPlugin - agmt="cn=ldap-ad"
> >(adserver:636): windows_replay_update: Looking at add operation local
> >dn="uid=PApostle,ou=People,o=txwes.edu" (not ours,not user,not group)
> >
> >The replication agreement specifies that ou=People,o=txwes.edu in the DS
> >should be synchronized with ou=Domain Users,dc=ad,dc=txwesleyan,dc=edu in
> >AD. Both ous exist as specified.
> >
> >Can anyone please suggest what I might try to get this working? Thanks. -
> >Glenn.
> >
> >
> Based on the information you've provided, the most likely cause is
> that the entry lacks the appropriate object class and attributes to
> be sync'ed.
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
------- End of Original Message -------
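
Added example, not part of the original thread: a pre-flight check over a DS-side LDIF file that lists which entries lack the object class and attribute the quoted reply alludes to. It assumes, from the Fedora/389 Directory Server Windows Sync documentation and not from anything stated in this thread, that a DS user entry is only picked up by a sync agreement when it has objectclass ntUser and an ntUserDomainId value. The sample entries are constructed (the first is cut down from the DS entry above), and parse_ldif, sync_gaps and report are hypothetical helper names.

```python
# Assumption (Fedora/389 DS Windows Sync docs, not this thread): a DS user entry
# needs objectclass ntUser and an ntUserDomainId value before it is synced.
SAMPLE_LDIF = """\
dn: cn=Peter Apostle,ou=People,o=example.com
objectclass: person
objectclass: inetOrgPerson
cn: Peter Apostle
uid: papostle

dn: cn=Sync Ready,ou=People,o=example.com
objectclass: inetOrgPerson
objectclass: ntUser
cn: Sync Ready
ntUserDomainId: sready
"""  # constructed sample input

def parse_ldif(text):
    """Parse plain (non-base64) LDIF into [{lowercased attr: [values]}]."""
    entries, current, last = [], {}, None
    for raw in text.splitlines() + [""]:
        if raw.startswith("#"):                 # LDIF comment line
            continue
        if raw.startswith(" ") and last:        # folded continuation line
            current[last][-1] += raw[1:]
            continue
        if not raw.strip():                     # blank line closes an entry
            if current:
                entries.append(current)
            current, last = {}, None
            continue
        attr, _, value = raw.partition(":")
        last = attr.strip().lower()
        current.setdefault(last, []).append(value.strip())
    return entries

def sync_gaps(entry):
    """Return what the entry still needs under the stated assumption."""
    gaps = []
    classes = {v.lower() for v in entry.get("objectclass", [])}
    if "ntuser" not in classes:                 # object classes are case-insensitive
        gaps.append("objectclass: ntUser")
    if not any(entry.get("ntuserdomainid", [])):
        gaps.append("ntUserDomainId")
    return gaps

def report(text):
    """Map each entry's DN to the list of missing sync prerequisites."""
    return {e["dn"][0]: sync_gaps(e) for e in parse_ldif(text) if "dn" in e}

if __name__ == "__main__":
    for dn, gaps in report(SAMPLE_LDIF).items():
        print(dn, "->", "ok" if not gaps else "missing " + ", ".join(gaps))
```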