On 05/31/2011 10:30 AM, Albert Teh wrote:
Hi Rich,
[root@algldap ~]# /usr/lib/mozldap/ldapsearch -x -w - -D cn="Directory Manager" -b "ou=People,dc=algonquincollege,dc=com" "(|(objectclass=ntuser)(objectclass=ntgroup))"
Enter bind password:
[root@algldap ~]#
No Entry found !!!.
You have to tell directory server which entries you want to sync.
See http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync
Thanks.
Albert
On Tue, May 31, 2011 at 11:42 AM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
On 05/30/2011 08:32 AM, Albert Teh wrote:
Hi Rich,
I followed the Guide and still got the same result. Checked with the AD administrator, the AD's user: mailadm has full privilege.
/usr/bin/ldapsearch -x -w - -D cn="Directory Manager" -b "ou=People,dc=algonquincollege,dc=com" "(|(objectclass=ntuser)(objectclass=ntgroup))"
How many entries match that search?
Thanks.
Albert
Here is the Windows Sync Agreement info:
[root@algldap slapd-algldap]# /usr/lib/mozldap/ldapsearch -w - -D cn="Directory Manager" -b cn=config cn=ADSync
Enter bind password:
version: 1
dn: cn=ADSync,cn=replica,cn=dc\3Dalgonquincollege\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: top
objectClass: nsDSWindowsReplicationAgreement
description: AD Sync Agreement
cn: ADSync
nsds7WindowsReplicaSubtree: cn=Users,dc=ottawa,dc=ad,dc=algonquincollege,dc=com
nsds7DirectoryReplicaSubtree: ou=People, dc=algonquincollege,dc=com
nsds7NewWinUserSyncEnabled: on
nsds7NewWinGroupSyncEnabled: on
nsds7WindowsDomain: ottawa.ad.algonquincollege.com
nsDS5ReplicaRoot: dc=algonquincollege,dc=com
nsDS5ReplicaHost: wodcstage-1.ottawa.ad.algonquincollege.com
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=mailadm,cn=Users,dc=ottawa,dc=ad,dc=algonquincollege,dc=com
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaCredentials: {DES}U68ooQM3C15xjJ/taDmy0A==
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20110530141648Z
nsds5replicaLastUpdateEnd: 20110530141648Z
nsds5replicaChangesSentSinceStartup:
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental update succeeded
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 20110530140648Z
nsds5replicaLastInitEnd: 20110530140648Z
nsds5replicaLastInitStatus: 0 Total update succeeded
[root@algldap slapd-algldap]#
On Fri, May 27, 2011 at 10:57 AM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
On 05/27/2011 04:22 AM, Albert Teh wrote:
Hi Rich,
I reinstalled 389-ds-base 1.2.8.3 from EPEL5 and added onewaysync set as fromWindows in the multimaster replication plugin. I still got the same result with no user created in the DS subtree.
Have you read
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync
Errors log:
[27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=ADSync" (wodcstage-1:389)".
[27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=ADSync" (wodcstage-1:389)". Sent 0 entries.
Access log:
[27/May/2011:06:18:29 -0400] conn=1 op=114 SRCH base="cn=ADSync,cn=replica,cn=dc\3Dalgonquincollege\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"
[27/May/2011:06:18:29 -0400] conn=1 op=114 RESULT err=0 tag=101 nentries=1 etime=
Thanks for your help.
Albert
On Thu, May 26, 2011 at 11:13 AM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
On 05/26/2011 08:58 AM, Albert Teh wrote:
Hi,
We are setting up a new CENTOS-DS version 8.1.0 and CENTOS 5.5 and attempting to synchronize with the existing 2003 Windows AD server. Performing the full sync completed. There is no user created in the DS subtree.
We would like to perform one way Sync: AD ----> DS. Once it works, we will set up the password Sync from the AD to DS.
One way sync isn't supported with 8.1.0. I suggest using 389-ds-base 1.2.8.3 from EPEL5 which does support one way sync.
http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync
AD: cn=Users,cn=location,dc=ad,dc=domain,dc=com
DS: ou=Peoples,dc=domain,dc=com
errors log:
[26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=ADsync" (wodcstage-1:389)".
[26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". Sent 0 entries.
access log:
[26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH base="cn=ADsync, cn=replica, cn=\22dc=algonquincollege, dc=com\22, cn=mapping tree, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"
[26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT err=0 tag=101 nentries=1 etime=0
Thanks.
Albert
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
Albert Teh
Email: Teh.Albert@xxxxxxxxx
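In the thread above, the agreement's status attributes read "Total update succeeded" while the errors log for the same agreement reads "Sent 0 entries". The following is an added example, not code from the thread or from the 389 project: it unfolds the LDIF that ldapsearch returns for the agreement and sets its status next to the per-run entry counts from the errors log. The sample LDIF and log lines are constructed (domain example.com and host adhost are placeholders), and the function names are hypothetical.

```python
import re

# Constructed sample: agreement entry as folded LDIF (a leading space continues the previous line).
AGREEMENT_LDIF = r"""dn: cn=ADSync,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,c
 n=config
cn: ADSync
nsds7WindowsReplicaSubtree: cn=Users,dc=ad,dc=example,dc=co
 m
nsds7DirectoryReplicaSubtree: ou=People,dc=example,dc=com
nsds5replicaLastInitStatus: 0 Total update succeeded
"""

# Constructed sample: errors-log lines in the format quoted in the thread.
ERRORS_LOG = '''[27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=ADSync" (adhost:389)".
[27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=ADSync" (adhost:389)". Sent 0 entries.
'''

FINISHED = re.compile(
    r'Finished total update of replica "agmt="(?P<agmt>[^"]+)" \([^)]+\)"\. Sent (?P<n>\d+) entries')

def parse_ldif_entry(text):
    """Unfold one LDIF entry and return {lowercased attribute: [values]}.
    Base64 values (name:: value) are not decoded in this sketch."""
    unfolded = re.sub(r"\r?\n ", "", text)  # RFC 2849 line folding
    attrs = {}
    for line in unfolded.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        attrs.setdefault(name.lower(), []).append(value.strip())
    return attrs

def total_update_counts(log_text):
    """Return (agreement RDN, entries sent) for every finished total update."""
    return [(m["agmt"], int(m["n"])) for m in FINISHED.finditer(log_text)]

def summarize(ldif_text, log_text):
    """Put the agreement's own status beside what the errors log says was sent."""
    entry = parse_ldif_entry(ldif_text)
    rdn = ("cn=" + entry["cn"][0]).lower()
    return {
        "agreement_dn": entry["dn"][0],
        "windows_subtree": entry["nsds7windowsreplicasubtree"][0],
        "ds_subtree": entry["nsds7directoryreplicasubtree"][0],
        "last_init_status": entry["nsds5replicalastinitstatus"][0],
        "entries_sent": [n for a, n in total_update_counts(log_text) if a.lower() == rdn],
    }

if __name__ == "__main__":
    for key, value in summarize(AGREEMENT_LDIF, ERRORS_LOG).items():
        print(f"{key}: {value}")
```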