On 02/09/2011 06:39 AM, remy d1 wrote:
> Hi Rich,
>
> I reinstalled all my server from scratch and reimported all my data
> (with cert files).
>
> If I try to synchronize my data, I can import users from AD to 389-DS
> but I can't do the opposite. My 389 server replica is always in status
> "in progress" with "replica acquired successfully : incremental update
> started", but it can't finish the synchronization job.

Sometimes you have to tell winsync to do a full resync a few times before it finally works.

> I could also continue to launch requests to my AD server from my 389-DS
> server (ldapsearch...). I successfully added a user to my AD with Apache
> Directory Studio (installed on my 389-DS server) with the AD
> synchronizing account. So, it's not an access problem.
>
> Moreover I added a schema on my 389-DS for my directory that is not
> present on my AD. Do you think I have to add this schema to AD or is
> the synchronization done only on AD required attributes?

No. The schema that winsync uses is hard coded in 389 - you cannot extend it or change it - it should work with AD, no changes to AD should be required.

> Or,
>
> Is it a cert file problem on my AD?
>
> or ...?
>
> Any idea would be appreciated
>
> Regards-
>
>
> 2011/1/25 Rich Megginson <rmeggins at redhat.com>
>
> On 01/25/2011 01:29 AM, remy d1 wrote:
>> Hi Rich,
>>
>> I tried to raise the log level, but when I did it, I was not able
>> to stop/restart my dirsrv service.
> What log level did you use? What error messages did you see when
> you attempted to stop/restart the service? Anything in the errors
> log?
>
>> To stop it, I must kill the process and remove the pid file. Then
>> I could start it.
>>
>> In my error logs, there is a lot of information:
>>
>>
>> [root at KingKong ~]# tail /var/log/dirsrv/slapd-KingKong/errors
>> [24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica
>> [24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b28870000ffff0000.db4
>> [24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica
>> [24/Jan/2011:16:18:40 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b28870000ffff0000.db4
>> [24/Jan/2011:16:18:40 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica
>> [24/Jan/2011:16:18:41 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b28870000ffff0000.db4
>> [24/Jan/2011:16:18:41 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica
>> [24/Jan/2011:16:18:42 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b28870000ffff0000.db4
>> [24/Jan/2011:16:18:42 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica
>> [24/Jan/2011:16:24:18 +0100] NSMMReplicationPlugin - changelog program - cl5ExportLDIF: failed to locate changelog file for replica at (dc=mydomain,dc=com)
>>
>>
>> This problem is very similar to this post:
>> http://www.redhat.com/archives/fedora-directory-commits/2009-March/msg00005.html
>> Although I have the last version of 389-DS.
> Are you sure this is the correct post you wanted to refer to?
> Because this is a patch commit for a fix when moving the changelog
> directory - did you move the changelog directory? Because you did
> not mention it in your earlier post.
>
>>
>> I think I have also some troubleshooting with my hostname because
>> bind is not configured. However, I have chosen to put it in my
>> /etc/hosts file
>> [root at KingKong ~]# nl /etc/host.conf
>> 1 multi on
>> 2 order hosts,bind
>> The hostname command replies with the full "fqdn" if I choose the option
>> --all-fqdn, contrary to the option "--fqdn". The reply is just my
>> hostname without the domain. By the way, if I say
>> #hostname KingKong.mydomain.com
>> Everything is now good for my hostname but I can not launch my
>> 389-console. I think the address to connect is not ok... I do not
>> know if this problem is linked to the previous problems...
>>
>> So, I do #hostname KingKong
>> Then, I launch the console again. Now, if I try to initiate a
>> full synchronization, I can see (and I am still stuck on it) the
>> window "please wait while data is being synchronized...", but
>> nothing else... Data are not synchronized and I do not see
>> anything in my Windows event viewer while replica agreement seems
>> to be ok and PassSync service is installed...
> It is very difficult to change your hostname after you have
> configured the admin server and console. I suggest starting over
> from scratch, and first make sure your hostname is correct.
>
> I also suggest using
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync
> to configure Windows Sync.
>
>>
>>
>> Thanks for help,
>>
>> -Regards
>>
>> 2011/1/21 Rich Megginson <rmeggins at redhat.com>
>>
>>> Date:
>>> Fri, 21 Jan 2011 10:25:56 +0100
>>> To:
>>> "General discussion list for the 389 Directory server
>>> project." <389-users at lists.fedoraproject.org>
>>>
>>>
>>> Hi Rich,
>>>
>>> Thanks for this useful link.
>>>
>>> I have successfully initiated replica between Windows AD and
>>> my server 389-DS. Ldapsearch is working. But even if
>>> everything seems to be ok, the update does not work and I do
>>> not see any error in the log files... So, my AD server stays
>>> empty, the accounts are not migrated...
>>>
>>> Here you have my access log file which is more verbose...
>>> (mydomain.com for the example):
>> <snip>
>>> Obviously I am connecting to the server 389-DS itself
>>> whereas it can resolve the DNS name of my Windows server...
>>> There is no error in the AD event viewer while I could see
>>> errors on it when it was misconfigured (like DirSync
>>> errors)... So, basically, the Windows server is contacted to
>>> my DS-Server over 2 different networks.
>>>
>>> Do you think I have to open the ports described in my message?
>>>
>>> -Regards.
>> I don't know. There is no winsync information in the access
>> log. Note that the access log records client accesses to the
>> directory server, and in winsync, the directory server itself
>> acts as a client to AD, so winsync will log nothing in the
>> access log. The errors log could be helpful, and especially
>> using the replication log level (which is also used for
>> winsync logging). The Windows Event Viewer is useless for
>> winsync issues.
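Added example, not part of the original thread: since the thread points to the errors log as the place to look for replication and winsync problems, this sketch collapses repeated `NSMMReplicationPlugin` changelog errors into one row per function, with the time window and the changelog files they name. The sample lines are constructed in the format quoted above; the instance name, file name and suffix in them are placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the errors-log format quoted in the thread
# (instance name, changelog file name and suffix are placeholders).
SAMPLE = """\
[24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica
[24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-example/changelogdb/EXAMPLE.db4
[24/Jan/2011:16:18:40 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-example/changelogdb/EXAMPLE.db4
[24/Jan/2011:16:18:40 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica
[24/Jan/2011:16:20:01 +0100] some-other-subsystem - unrelated message
not a log line at all
[24/Jan/2011:16:24:18 +0100] NSMMReplicationPlugin - changelog program - cl5ExportLDIF: failed to locate changelog file for replica at (dc=example,dc=com)
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<plugin>\S+) - (?P<rest>.*)$")
FUNC = re.compile(r"(?P<func>_?cl5\w+): (?P<msg>.*)$")
DBFILE = re.compile(r"(/\S+\.db4)\b")


def summarize(text, plugin="NSMMReplicationPlugin"):
    """Group one plugin's changelog errors by the function that logged them."""
    summary = defaultdict(
        lambda: {"count": 0, "first": None, "last": None, "files": set()})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["plugin"] != plugin:
            continue  # skip other subsystems and malformed lines
        f = FUNC.search(m["rest"])
        if not f:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entry = summary[f["func"]]
        entry["count"] += 1
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
        entry["files"].update(DBFILE.findall(f["msg"]))
    return dict(summary)


if __name__ == "__main__":
    for func, e in summarize(SAMPLE).items():
        print(f"{func}: {e['count']}x "
              f"{e['first']:%H:%M:%S}-{e['last']:%H:%M:%S} {sorted(e['files'])}")
```
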