Re: [389-users] Windows Sync Agreement Help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

It could have different reasons:
- do a ldapsearch -D cn=Directory\ Manager -b cn=config cn=ADSync and check the output so that replicabase subtrees are correct in the both worlds
  Any descendant container entries (ou's) need to be created separately in Directory by an
  administrator; Windows Sync does not create container entries.
- check with ldapsearch command that the Sync User can bind on AD 
- check the permissions of the sync user in AD, it should be a domain administrator, also if you want to sync only from AD to DS.

Regards Carsten

----- Ursprüngliche Nachricht -----
Von: Albert Teh <teh.albert@xxxxxxxxx>
Datum: Freitag, 27. Mai 2011, 12:22
Betreff: Re: [389-users] Windows Sync Agreement Help
An: Rich Megginson <rmeggins@xxxxxxxxxx>
Cc: "General discussion list for the 389 Directory server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>

> Hi Rich,
> 
> I reinstalled 389-ds-base 1.2.8.3 from EPEL5 and added 
> onewaysync set as fromWindows in the multimaster replication 
> plugin. I still got the same result with no user created in the 
> DS subtree.
> 
> Errors log:
> 
> 
> [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Beginning 
> total update of replica "agmt="cn=ADSync" 
> (wodcstage-1:389)".
> [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Finished 
> total update of replica "agmt="cn=ADSync" 
> (wodcstage-1:389)". Sent 0 entries.
> 
> 
> 
> Access log:
> 
> [27/May/2011:06:18:29 -0400] conn=1 op=114 SRCH 
> base="cn=ADSync,cn=replica,cn=dc\3Dalgonquincollege\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"
> 
> [27/May/2011:06:18:29 -0400] conn=1 op=114 RESULT err=0 tag=101 
> nentries=1 etime=
> 
> Thanks for your help.
> 
> Albert
> 
> 
> 
> On Thu, May 26, 2011 at 11:13 AM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
> 
> 
> 
>  
>    
>  
>  
>    On 05/26/2011 08:58 AM, Albert Teh wrote:
>    Hi,
> 
>      
> 
>      We are setting up a new CENTOS-DS version 8.1.0. and CENTOS 5.5
>      and attempt to synchronize with the existing 2003 Windows AD
>      server.
> 
>      Performing  the full sync completed. There is no user created in
>      the DS subtree.
> 
>      
> 
>      We would like to perform one way Sync:  AD ----> DS. Once it
>      works, we will set up the password Sync from the AD to DS. 
> 
>    
>    One way sync isn't supported with 8.1.0.  I suggest using
>    389-ds-base 1.2.8.3 from EPEL5 which does support one way sync. 
>    http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync
> 
>    
> 
>      AD:   cn=Users,cn=location,dc=ad,dc=domain,dc=com
> 
>      DS:   ou=Peoples,dc=domain,dc=com
> 
>      
> 
>      errors log:
> 
>      
> 
>      
> 
>      [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Beginning
>      total update of replica "agmt="cn=ADsync" (wodcstage-1:389)".
> 
>      [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Finished
>      total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". Sent
>      0 entries.
> 
>      
> 
>      access log:
> 
>      
> 
>      26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH base="cn=ADsync,
>      cn=replica, cn=\22dc=algonquincollege, dc=com\22, cn=mapping tree,
>      cn=config" scope=0
>      filter="(|(objectClass=*)(objectClass=ldapsubentry))"
>      attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd
>      nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus
>      nsds5replicaUpdateInProgress nsds5replicaLastInitStart
>      nsds5replicaLastInitEnd nsds5replicaLastInitStatus
>      nsds5BeginReplicaRefresh"
> 
>      [26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT err=0 tag=101
>      nentries=1 etime=0
> 
>      
> 
>      
> 
>      Thanks.
> 
>      Albert
> 
>      
> 
>      
> 
>      
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>    
>    
> 
>  
> 
> 
> 
> -- 
> Albert Teh
> Email: Teh.Albert@xxxxxxxxx
> 
> > --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users

begin:vcard
n:Grzemba;Carsten
fn:Carsten Grzemba
tel;cell:+49 171 9749479
tel;work:+49 3677 6474-0
org:contac Datentechnik GmbH
adr:;;Auf dem Steine 1;Ilmenau;;98693;
email;internet:carsten.grzemba@xxxxxxxxxxxx
version:2.1
end:vcard

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux