Richard Megginson wrote:
> ----- "jean-Noël Chardron" <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
>
>> hello,
>>
>> When I initiate a first full synchronization of DS and AD I lost members in groups
>>
>> error log shows:
>>
>> [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry matching AD entry [CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr]
>> [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by guid [c0e73a492ffbc04c9e85781a68f45023]
>> [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1
>> [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by uid [SFC]
>> [...]
>> [10/Jun/2009:15:00:11 +0200] - Windows sync entry: Adding new local entry dn: cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr
>> objectClass: top
>> objectClass: groupofuniquenames
>> objectClass: ntGroup
>> ntGroupDeleteGroup: true
>> cn: SFC
>> description: Service Financier et Comptable
>> uniqueMember: uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=
>> fr
>> uniqueMember:[...]
>> follow 10 members
>>
>> [...]
>> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - received entry from dirsync: CN=MX,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
>> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry matching AD entry [CN=MX,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr]
>> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by guid [0cdf6e627d64684cb10c70b3b8753fda]
>> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1
>> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by uid [MX]
>> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for username: -1
>> [10/Jun/2009:15:00:24 +0200] - Windows sync entry: Adding new local entry dn: uid=MX,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalperson
>> objectClass: inetOrgPerson
>> objectClass: ntUser
>> ntUserDeleteAccount: true
>> uid: MX
>> sn: MX
>> givenName: Guillaume
>> cn: MX
>> ntUserCodePage: 0
>> ntUserAcctExpires: 0
>> ntUserDomainId: MX
>> mail: Guillaume.MX at dr15.cnrs.fr
>> ntUniqueId: 0cdf6e627d64684cb10c70b3b8753fda
>>
>>
>> [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): windows_process_total_entry: Looking dn="cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" (ours)
>> [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS dn="cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" guid="c0e73a492ffbc04c9e85781a68f45023"
>> [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS dn="cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" username="SFC"
>> [10/Jun/2009:15:01:34 +0200] - Calling windows entry search request plugin
>> [10/Jun/2009:15:01:34 +0200] - windows_search_entry: recieved 2 messages, 1 entries, 0 references
>> [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_outbound: found AD entry dn="CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr"
>> [10/Jun/2009:15:01:34 +0200] - Calling windows entry search request plugin
>> [10/Jun/2009:15:01:34 +0200] - windows_search_entry: recieved 2 messages, 1 entries, 0 references
>> [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - windows_generate_update_mods: CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr, description : values are equal
>> [10/Jun/2009:15:01:35 +0200] - map_dn_values: no local entry found for uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr
>> [10/Jun/2009:15:01:35 +0200] - map_dn_values: no local entry found for uid=
>>
>> [follow 10 entries,]
>>
>> [10/Jun/2009:15:01:35 +0200] - Calling windows entry search request plugin
>> [10/Jun/2009:15:01:35 +0200] - windows_search_entry: recieved 2 messages, 1 entries, 0 references
>> [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry matching AD entry [CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr]
>> [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by guid [72a7171ffaa0d84a9ca4ec2d90a4ab2b]
>> [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1
>> [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by uid [essaibug]
>> [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for username: -1
>> [10/Jun/2009:15:01:35 +0200] - Calling windows entry search request plugin
>> [10/Jun/2009:15:01:35 +0200] - windows_search_entry: recieved 2 messages, 1 entries, 0 references
>>
>> [10/Jun/2009:15:01:38 +0200] NSMMReplicationPlugin - windows_generate_update_mods: CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr, sAMAccountName : values are equal
>> [10/Jun/2009:15:01:38 +0200] - smod - windows sync
>> [10/Jun/2009:15:01:38 +0200] - smod 0 - delete: member
>> [10/Jun/2009:15:01:38 +0200] - smod 0 - value: member: CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
>> [10/Jun/2009:15:01:38 +0200] - smod 1 - delete: member
>> [10/Jun/2009:15:01:38 +0200] - smod 1 - value: member:
>>
>> [follow the 10 entries]
>>
>> [10/Jun/2009:15:01:39 +0200] NSMMReplicationPlugin - windows_update_remote_entry: modifying entry CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
>> [10/Jun/2009:15:01:39 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): Received result code 0 () for modify operation
>>
>> [10/Jun/2009:15:01:55 +0200] - map_dn_values: no local entry found for uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr
>>
>> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - received entry from dirsync: CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
>> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry matching AD entry [CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr]
>> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by guid [72a7171ffaa0d84a9ca4ec2d90a4ab2b]
>> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1
>> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by uid [essaibug]
>> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for username: -1
>> [10/Jun/2009:15:05:52 +0200] - Windows sync entry: Adding new local entry dn: uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalperson
>> objectClass: inetOrgPerson
>> objectClass: ntUser
>> ntUserDeleteAccount: true
>> uid: essaibug
>> sn: essaibug
>> cn: essaibug
>> ntUserCodePage: 0
>> ntUserAcctExpires: 9223372036854775807
>> ntUserDomainId: essaibug
>> ntUniqueId: 72a7171ffaa0d84a9ca4ec2d90a4ab2b
>>
>> [10/Jun/2009:15:07:13 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS dn="uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" guid="72a7171ffaa0d84a9ca4ec2d90a4ab2b"
>> [10/Jun/2009:15:07:13 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS dn="uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" username="essaibug"
>> [10/Jun/2009:15:07:13 +0200] - Calling windows entry search request plugin
>> [10/Jun/2009:15:07:13 +0200] - windows_search_entry: recieved 2 messages, 1 entries, 0 references
>> [10/Jun/2009:15:07:13 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_outbound: found AD entry dn="CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr"
>>
>> (following the translation of google)
>> I suppose that during the initialization of the replication, groups have lost members (group sfc) with the logs in order explicit removal of the member in the group, sent by the DS to AD. The most likely explanation and that the process is sequential but with a dispatch from AD to DS-anarchic, with a group can be created before members in DS users. These are leading to a later stage in a request for suppression AD DS to members of the group that did not exist before the creation of the group. This is "normal" since DS checks the consistency of information and therefore the group members. The solution to this problem is to create manually in the AD to add the lost members in the group or maybe to initialize sync twice in a closed time.
>>
>> The administrator of the Windows server and the AD insulted me as a result of this blunder.
>> I asked him if he had a backup of the AD. He had not.
>>
>
> So let me see if I understand what is happening:
> DS attempts to sync some groups from AD - since the user does not exist, it deletes the member from the group. Then it syncs the group back to AD, and deletes those users from AD.
> Is that correct?
> I suppose a workaround would be to make sure all of the users are first added to DS, then sync the groups.
>

yes, that is correct.

>> --
>>
>> Jean-Noel Chardron
>>
>>
>> --
>> 389 users mailing list
>> 389-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
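An added example, not part of the original message or of the 389 Directory Server code: a Python log scan that pairs each `smod N - delete: member` value with the `windows_update_remote_entry: modifying entry` line that follows it, giving the list of members removed from each AD group so they can be re-added. It assumes the error log holds one entry per line (unlike the mail-wrapped excerpts above); the function name and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (one entry per line), modelled on the excerpts quoted above;
# the second member and the second group are invented for the test.
SAMPLE_LOG = """\
[10/Jun/2009:15:01:38 +0200] - smod - windows sync
[10/Jun/2009:15:01:38 +0200] - smod 0 - delete: member
[10/Jun/2009:15:01:38 +0200] - smod 0 - value: member: CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
[10/Jun/2009:15:01:38 +0200] - smod 1 - delete: member
[10/Jun/2009:15:01:38 +0200] - smod 1 - value: member: CN=sample2,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
[10/Jun/2009:15:01:39 +0200] NSMMReplicationPlugin - windows_update_remote_entry: modifying entry CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
[10/Jun/2009:15:01:39 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): Received result code 0 () for modify operation
[10/Jun/2009:15:02:10 +0200] - smod - windows sync
[10/Jun/2009:15:02:10 +0200] - smod 0 - delete: description
[10/Jun/2009:15:02:10 +0200] - smod 0 - value: description: constructed
[10/Jun/2009:15:02:11 +0200] NSMMReplicationPlugin - windows_update_remote_entry: modifying entry CN=sample-group,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
[10/Jun/2009:15:02:11 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): Received result code 0 () for modify operation
"""

TS = r"^\[(?P<ts>[^\]]+)\] "
SMOD_VAL = re.compile(TS + r"- smod (?P<n>\d+) - value: (?P<attr>[^:]+): (?P<val>.+)$")
SMOD_OP = re.compile(TS + r"- smod (?P<n>\d+) - (?P<op>\w+): (?P<attr>\S+)$")
MODIFY = re.compile(TS + r".*windows_update_remote_entry: modifying entry (?P<dn>.+)$")
RESULT = re.compile(r"Received result code (?P<rc>-?\d+) .*for modify operation")

def members_deleted_from_ad(log_text):
    """Map each AD group DN to the (timestamp, member DN) deletes AD accepted."""
    removed = defaultdict(list)
    ops, pending, target = {}, [], None
    for line in map(str.strip, log_text.splitlines()):
        if "- smod - windows sync" in line:        # a new modification set starts
            ops, pending, target = {}, [], None
        elif m := SMOD_VAL.match(line):
            if ops.get(m["n"]) == ("delete", "member"):
                pending.append((m["ts"], m["val"]))
        elif m := SMOD_OP.match(line):
            ops[m["n"]] = (m["op"], m["attr"].lower())
        elif m := MODIFY.match(line):
            target = m["dn"]                       # AD entry the mods are sent to
        elif (m := RESULT.search(line)) and target:
            if m["rc"] == "0" and pending:         # LDAP success: members are gone
                removed[target].extend(pending)
            ops, pending, target = {}, [], None
    return dict(removed)
```
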