Dear 389-ds community,
I have a question about windows sync agreement. Here?s the scenario:
two Windows DC?s and two 389-ds servers as below.
Question1: Can I setup a one-way winsync i.e from windows to ldap? I have
tried it and it was like hit or miss. I did this by not giving the ?write?
permissions to AD for ?CN=Sync Manager?. Is this valid way of sync-ing one
way? I have error messages ?Replica has no update vector. It has never been
initialized?. I did a full-resynchronization and it went well without
errors. But I am not seeing any entry updates.
Question2: If I have windows sync on both the 389-ds sync-ing to a diferent
DC. Does it cause any loop or issues. The problem I am facing is, that I
have different OU?s in AD like ou=Marketing, ou=Finance, ou=Customers and
only one ?ou=People? in 389-ds.
I want only one-way sync. AD-->389-ds
Topology I am trying to make work. Please share your comments.
|--------| |------- |
| DC-1 | <---replication----> | DC-2 |
|--------| |--------|
| |
winsync Winsync
| |
|---------| |-------- |
| 389-1 | <---replication----> | 389-2 |
|---------| |---------|
Thanks,
Prashanth
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20091001/0414deae/attachment.html
