Hi Using 389DS 1.2.5 on CentOS 5.5 i385, I need to sync users and groups from 389DS to Active Directory (Windows Server 2003). I the 389DS side I have this: dn: cn=ALERGIAS_gestion,ou=Groups,o=XXXX,dc=XXXX,dc=es objectClass: groupOfNames objectClass: groupOfUniqueNames objectClass: ntGroup objectClass: posixGroup objectClass: sambaGroupMapping objectClass: top cn: ALERGIAS_gestion gidNumber: 130541 ntUserDomainId: ALERGIAS_gestion sambaGroupType: 2 sambaSID: S-1-5-21-2896031208-2582234988-3810615631-261845 description: Personal de D.GESTION de ALERGIAS del XXXX displayName: Personal de D.GESTION de ALERGIAS del XXXXX ntGroupCreateNewGroup: true ntGroupDeleteGroup: true ou: ou=ALERGIAS,ou=PERIFERICA,ou=D. GESTION,o=XXXX,dc=XXXX,dc=es Base DS subtree in the replication agreement is o=XXXX,dc=XXXX,dc=es, and Windows Subtree is "ou=XXXX,ou=LDAP,dc=pruebas,dc=local", so I had to create manually the OUs "ou=People,ou=XXXX,ou=LDAP,dc=pruebas,dc=local" and "ou=Groups,ou=XXXX,ou=LDAP,dc=pruebas,dc=local" (user sync works fine). When I try to sync data, doing a full re-syncronization from the console, I get tjis werror when the server is going to sync the group: [18/Oct/2012:13:09:58 +0200] NSMMReplicationPlugin - agmt="cn=XXXXX-LDAPPruebas-WinAD" (grsgscvant01f6:636): windows_process_total_entry: Looking dn="cn=ALERGIAS_gestion,ou=Groups,o=XXXXX,dc=XXXXX,dc=es" (ours) [18/Oct/2012:13:09:58 +0200] NSMMReplicationPlugin - agmt="cn=XXXXX-LDAPPruebas-WinAD" (grsgscvant01f6:636): map_entry_dn_outbound: looking for AD entry for DS dn="cn=ALERGIAS_gestion,ou=Groups,o=XXXXX,dc=XXXXX,dc=es" guid="(null)" [18/Oct/2012:13:09:58 +0200] NSMMReplicationPlugin - agmt="cn=XXXXX-LDAPPruebas-WinAD" (grsgscvant01f6:636): map_entry_dn_outbound: looking for AD entry for DS dn="cn=ALERGIAS_gestion,ou=Groups,o=XXXXX,dc=XXXXX,dc=es" username="ALERGIAS_gestion" [18/Oct/2012:13:09:58 +0200] - Calling windows entry search request plugin [18/Oct/2012:13:09:58 +0200] - windows_search_entry: recieved 1 messages, 0 entries, 0 references [18/Oct/2012:13:09:58 +0200] NSMMReplicationPlugin - agmt="cn=XXXXX-LDAPPruebas-WinAD" (grsgscvant01f6:636): map_entry_dn_outbound: entry not found - rc 0 [18/Oct/2012:13:09:58 +0200] - Windows sync entry: Created new remote entry: dn: cn=ALERGIAS_gestion,ou=Groups,ou=XXXXX,ou=LdapPeople,dc=pruebas,dc=local objectClass: top objectClass: group sAMAccountName: ALERGIAS_gestion ou: ou=ALERGIAS,ou=PERIFERICA,ou=D. GESTION,o=XXXXX,dc=XXXXX,dc=es description: Personal de D.GESTION de ALERGIAS del XXXXX [18/Oct/2012:13:09:58 +0200] - Attempting to add entry cn=ALERGIAS_gestion,ou=Groups,ou=XXXXX,ou=LdapPeople,dc=pruebas,dc=local to AD for local entry cn=ALERGIAS_gestion,ou=Groups,o=XXXXX,dc=XXXXX,dc=es [18/Oct/2012:13:09:58 +0200] NSMMReplicationPlugin - agmt="cn=XXXXX-LDAPPruebas-WinAD" (grsgscvant01f6:636): Received result code 65 (0000207D: UpdErr: DSID-03150F9C, problem 6002 (OBJ_CLASS_VIOLATION), data 0 ) for add operation [18/Oct/2012:13:09:58 +0200] NSMMReplicationPlugin - agmt="cn=XXXXX-LDAPPruebas-WinAD" (grsgscvant01f6:636): windows_replay_update: Cannot replay add operation. [18/Oct/2012:13:09:58 +0200] NSMMReplicationPlugin - agmt="cn=XXXXX-LDAPPruebas-WinAD" (grsgscvant01f6:636): Beginning linger on the connection [18/Oct/2012:13:09:58 +0200] NSMMReplicationPlugin - agmt="cn=XXXXX-LDAPPruebas-WinAD" (grsgscvant01f6:636): windows_tot_run: failed to obtain data to send to the consumer; LDAP error - 1 It looks like trying to create a group (objectClass group), but with user attributes (sAMAccountName)... Any idea? Is the source group bad created? Regards and thanks in advance. -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
