On 05/07/2012 05:33 PM, Orion Poplawski wrote:
> We're trying to modify our already heavily modified version of
> fdstools to add ntUser attributes to users. When we use it to create
> a new user (or add ntUser attributes to an existing user) we end up
> with two new users in AD and the cn: attribute of the user in 389 is
> modified to have CNF:<guid> added which indicates a conflict in the
> database.
>
> If we check the Enable NT User Attributes and create New NT Account in
> 389-console everything seems to work. We're not able to see what
> we're doing differently. Except that perhaps 389-console is setting
> ntUniqueId, but I didn't think it was supposed to do that, that the AD
> sync was supposed to handle it.

Right.

> In fdstools we're setting ntUserDomainId, ntUserCreateNewAccount, and
> ntUserDeleteAccount. Which seems to be all we need to do according to
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Using_Windows_Sync-Synchronizing_Users.html#ftn.id4791561

Right.

> 389-ds-1.2.1-1.el5
> 389-ds-base-1.2.9.9-1.el5
>
> Ideas?

Nope. Let's start with an error log from 389 using the replication
(8192) log level - http://port389.org/wiki/FAQ#Troubleshooting

I suppose you could also enable the audit log and see exactly what
sequence of operations the console does when it enables the nt attributes.

> TIA,
> Orion
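One way to carry out the audit-log comparison suggested in the reply, as an added example that is not part of the original thread: the script lists, in order, every logged change to one entry that touches an nt* attribute or adds the ntUser object class, so a run after the console change can be compared with a run after the fdstools change. The function name, the sample DN and the sample log are constructed, and the layout (a `time:` line followed by an LDIF change record, records separated by blank lines) is an assumption about the audit log format.

```python
import re
# Constructed sample. Assumed layout: a "time:" line followed by an LDIF
# change record, with records separated by a blank line.
SAMPLE_AUDIT_LOG = """\
time: 20120507173301
dn: uid=jdoe,ou=People,dc=example,dc=com
changetype: modify
add: objectClass
objectClass: ntUser
-
add: ntUserDomainId
ntUserDomainId: jdoe
-
add: ntUserCreateNewAccount
ntUserCreateNewAccount: true
-
replace: modifiersname
modifiersname: cn=directory manager

time: 20120507173305
dn: uid=other,ou=People,dc=example,dc=com
changetype: modify
replace: description
description: unrelated

time: 20120507173309
dn: uid=jdoe,ou=People,dc=example,dc=com
changetype: modify
add: ntUniqueId
ntUniqueId: 0123456789abcdef0123456789abcdef
"""

MOD_LINE = re.compile(r"^(add|replace|delete):\s*(\S+)$")

def nt_operations(log_text, dn):
    """Return [(time, op, attr)] for changes to dn that touch ntUser data."""
    found = []
    for record in re.split(r"\n\s*\n", log_text.strip()):
        lines = record.splitlines()
        fields = dict(l.split(": ", 1) for l in lines if ": " in l)
        if fields.get("dn", "").lower() != dn.lower():
            continue
        for line, nxt in zip(lines, lines[1:] + [""]):
            m = MOD_LINE.match(line)
            value = nxt.split(": ", 1)[-1]
            # Keep nt* attributes and the addition of the ntUser object class.
            if m and (m[2].lower().startswith("nt") or value.lower() == "ntuser"):
                found.append((fields.get("time"), m[1], m[2]))
    return found
```

Comparing the two lists shows which attribute each tool writes that the other does not, for instance whether ntUniqueId is set by the client or left to the sync.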