On 02/14/2011 02:09 AM, remy d1 wrote:
> Hi,
>
> Is there a timeout for Windows Sync ?

It uses the same one as regular replication
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#setting-replication-timeout-periods

>
> Thanks
>
> 2011/2/9 Rich Megginson <rmeggins at redhat.com>
>
> On 02/09/2011 06:39 AM, remy d1 wrote:
>> Hi Rich,
>>
>> I reinstalled all my server from scratch and reimported all my
>> data (with cert files).
>>
>> If I try to synchronize my data, I can import users from AD to
>> 389-DS but I can't do the opposite. My 389 server replica is
>> always in status "in progress" with "replica acquired
>> successfully : incremental update started", but it can't finish
>> the synchronization job.
>
> Sometimes you have to tell winsync to do a full resync a few times
> before it finally works.
>
>>
>> I could also continue to launch request to my AD server from my
>> 389-DS server (ldapsearch...). I successfully add a user to my AD
>> with Apache Directory Studio (installed on my 389-DS server) with
>> the AD synchronizing account. So, it's not an access problem.
>>
>> Moreover I added a schema on my 389-DS for my directory that is
>> not present on my AD. Do you think I have to add this schema to
>> AD or is the synchronization done only on AD required attributes ?
> No. The schema that winsync uses is hard coded in 389 - you
> cannot extend it or change it - it should work with AD, no changes
> to AD should be required.
>
>>
>> Or,
>>
>> Is it a cert file problem on my AD ?
>>
>> or ...?
>>
>> Any idea would be appreciated
>>
>> Regards-
>>
>>
>> 2011/1/25 Rich Megginson <rmeggins at redhat.com>
>>
>> On 01/25/2011 01:29 AM, remy d1 wrote:
>>> Hi Rich,
>>>
>>> I tried to raise the log level, but when I did it, I was not
>>> able to stop/restart my dirsrv service.
>> What log level did you use? What error messages did you see
>> when you attempted to stop/restart the service? Anything in
>> the errors log?
>>
>>> To stop it, I must kill the process and remove the pid file.
>>> Then I could start it.
>>>
>>> In my error logs, there is a lot of information :
>>>
>>>
>>> [root at KingKong ~]# tail /var/log/dirsrv/slapd-KingKong/errors
>>> [24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin -
>>> changelog program - cl5GetOperationCount: could not get DB
>>> object for replica
>>> [24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin -
>>> changelog program - _cl5GetDBFile: no DB object found for
>>> database
>>> /var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b28870000ffff0000.db4
>>> [24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin -
>>> changelog program - cl5GetOperationCount: could not get DB
>>> object for replica
>>> [24/Jan/2011:16:18:40 +0100] NSMMReplicationPlugin -
>>> changelog program - _cl5GetDBFile: no DB object found for
>>> database
>>> /var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b28870000ffff0000.db4
>>> [24/Jan/2011:16:18:40 +0100] NSMMReplicationPlugin -
>>> changelog program - cl5GetOperationCount: could not get DB
>>> object for replica
>>> [24/Jan/2011:16:18:41 +0100] NSMMReplicationPlugin -
>>> changelog program - _cl5GetDBFile: no DB object found for
>>> database
>>> /var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b28870000ffff0000.db4
>>> [24/Jan/2011:16:18:41 +0100] NSMMReplicationPlugin -
>>> changelog program - cl5GetOperationCount: could not get DB
>>> object for replica
>>> [24/Jan/2011:16:18:42 +0100] NSMMReplicationPlugin -
>>> changelog program - _cl5GetDBFile: no DB object found for
>>> database
>>> /var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b28870000ffff0000.db4
>>> [24/Jan/2011:16:18:42 +0100] NSMMReplicationPlugin -
>>> changelog program - cl5GetOperationCount: could not get DB
>>> object for replica
>>> [24/Jan/2011:16:24:18 +0100] NSMMReplicationPlugin -
>>> changelog program - cl5ExportLDIF: failed to locate
>>> changelog file for replica at (dc=mydomain,dc=com)
>>>
>>>
>>> This problem is very similar to this post :
>>> http://www.redhat.com/archives/fedora-directory-commits/2009-March/msg00005.html
>>> Although I have the last version of 389-DS.
>> Are you sure this is the correct post you wanted to refer
>> to? Because this is a patch commit for a fix when moving the
>> changelog directory - did you move the changelog directory?
>> Because you did not mention it in your earlier post.
>>
>>>
>>> I think I have also some troubleshooting with my hostname
>>> because bind is not configured. However, I have chosen to
>>> put it my /etc/hosts file
>>> [root at KingKong ~]# nl /etc/host.conf
>>> 1 multi on
>>> 2 order hosts,bind
>>> hostname command reply the full "fqdn" if I choose the
>>> option --all-fqdn, contrary to the option "--fqdn". The
>>> reply is just my hostname without the domain. By the way, if
>>> I say
>>> #hostname KingKong.mydomain.com
>>> Everything is now good for my hostname but I can not launch
>>> my 389-console. I think the address to connect is not ok... I
>>> do not know if this problem is linked to the previous
>>> problems...
>>>
>>> So, I do #hostname KingKong
>>> Then, I launch the console again. Now, if I try to initiate
>>> a full synchronization, I can see (and I am still stuck on
>>> it) the window "please wait while data is being
>>> synchronized...", but nothing else... Data are not
>>> synchronized and I do not see anything in my Windows event
>>> viewer while replica agreement seems to be ok and PassSync
>>> service is installed...
>> It is very difficult to change your hostname after you have
>> configured the admin server and console. I suggest starting
>> over from scratch, and first make sure your hostname is correct.
>>
>> I also suggest using
>> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync
>> to configure Windows Sync.
>>
>>>
>>>
>>> Thanks for help,
>>>
>>> -Regards
>>>
>>> 2011/1/21 Rich Megginson <rmeggins at redhat.com>
>>>
>>>> Date: Fri, 21 Jan 2011 10:25:56 +0100
>>>> To: "General discussion list for the 389 Directory server
>>>> project." <389-users at lists.fedoraproject.org>
>>>>
>>>>
>>>> Hi Rich,
>>>>
>>>> Thanks for this useful link.
>>>>
>>>> I have successfully initiated replica between Windows AD
>>>> and my server 389-DS. Ldapsearch is working. But even
>>>> if everything seems to be ok, the update does not work
>>>> and I do not see any error in the log files... So, my
>>>> AD server stays empty, the accounts are not migrated...
>>>>
>>>> Here you have my access log file which is more
>>>> verbose... (mydomain.com for the
>>>> example) :
>>> <snip>
>>>> Obviously I am connecting to the server 389-DS itself
>>>> whereas it can resolve the DNS name of my Windows
>>>> server... There is no error in the AD event viewer
>>>> while I could see errors on it when it was
>>>> misconfigured (like DirSync errors)... So, basically,
>>>> the Windows server is contacted to my DS-Server over 2
>>>> different networks.
>>>>
>>>> Do you think I have to open the ports described in my
>>>> message ?
>>>>
>>>> -Regards.
>>> I don't know. There is no winsync information in the
>>> access log. Note that the access log records client
>>> accesses to the directory server, and in winsync, the
>>> directory server itself acts as a client to AD, so
>>> winsync will log nothing in the access log. The errors
>>> log could be helpful, and especially using the
>>> replication log level (which is also used for winsync
>>> logging). The Windows Event Viewer is useless for
>>> winsync issues.
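
The thread points to the errors log, not the access log, as the place to look for winsync and replication problems. As an added example (not written by anyone in the thread and not 389 project code), this script collapses repeated errors-log entries like the ones quoted above into counted groups with first and last timestamps; the sample lines are constructed, and the instance name and changelog file name in them are placeholders.

```python
import re
from datetime import datetime

# Constructed sample modelled on the errors log quoted in the thread; the
# instance name and changelog file name are placeholders, not real values.
SAMPLE = """\
[24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-EXAMPLE/changelogdb/PLACEHOLDER.db4
[24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica
[24/Jan/2011:16:18:40 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-EXAMPLE/changelogdb/PLACEHOLDER.db4
[24/Jan/2011:16:18:40 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica
[24/Jan/2011:16:24:18 +0100] NSMMReplicationPlugin - changelog program - cl5ExportLDIF: failed to locate changelog file for replica at (dc=mydomain,dc=com)
this line does not follow the errors-log layout
"""

# Layout seen in the quoted log: [timestamp] plugin - subsystem - function: message
LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<plugin>\S+) - (?P<subsys>.+?) - "
    r"(?P<func>\w+): (?P<msg>.*)$"
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def summarize(text, plugin="NSMMReplicationPlugin"):
    """Collapse repeated entries for one plugin into counted groups.

    Returns (groups, skipped); skipped counts unparsed or other-plugin lines.
    """
    groups, skipped = {}, 0
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["plugin"] != plugin:
            skipped += 1
            continue
        when = datetime.strptime(m["ts"], TS_FORMAT)
        # File paths differ per replica; mask them so repeats group together.
        msg = re.sub(r"/\S+", "<path>", m["msg"])
        key = (m["subsys"], m["func"], msg)
        g = groups.setdefault(key, {"count": 0, "first": when, "last": when})
        g["count"] += 1
        g["first"], g["last"] = min(g["first"], when), max(g["last"], when)
    return groups, skipped


if __name__ == "__main__":
    found, skipped = summarize(SAMPLE)
    for (subsys, func, msg), g in found.items():
        print(f"{g['count']:>3}x {subsys} / {func}: {msg} "
              f"({g['first']:%H:%M:%S} to {g['last']:%H:%M:%S})")
```
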