On 12/03/2012 12:00 AM, Matti Alho wrote:
I don't know. Looks ok to me. I guess
the next step would be to
reproduce the problem with the
http://port389.org/wiki/FAQ#Troubleshooting Replication log
level
enabled, and then look in the errors log to see why the group
add
operation is not being sent to AD.
Here are some relevant log entries with replication logging. Any
ideas or should I try to change log level to get more information?
Not sure. This looks as though it is attempting to replay a modify
operation made on the 389 entry
cn=testgroup,ou=People,dc=domain,dc=com, but the corresponding AD
entry cn=testgroup,cn=Users,dc=domain,dc=com does not exist. Did
the full manual update create the entry
cn=testgroup,cn=Users,dc=domain,dc=com in AD? If not, why not? In
your first message you said
Any changes to groups on 389 side do not get synced to AD unless I do a full manual update triggered via console
Can you verify that, after doing a full manual update, you have
cn=testgroup,ou=People,dc=domain,dc=com in 389 and
cn=testgroup,cn=Users,dc=domain,dc=com in AD?
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): windows_replay_update: Looking at
modify operation local
dn="cn=testgroup,ou=People,dc=domain,dc=com" (ours,not user,group)
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): map_entry_dn_outbound: looking for
AD entry for DS dn="cn=testgroup,ou=People,dc=domain,dc=com"
guid="(null)"
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): map_entry_dn_outbound: looking for
AD entry for DS dn="cn=testgroup,ou=People,dc=domain,dc=com"
username="testgroup"
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): map_entry_dn_outbound: entry not
found - rc 0
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): windows_replay_update: Processing
modify operation local
dn="cn=testgroup,ou=People,dc=domain,dc=com" remote
dn="cn=testgroup,cn=Users,dc=domain,dc=com"
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): mod_already_made: AD entry not
found
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): Received result code 32 (0000208D:
NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best
match of: 'CN=Users,dc=domain,dc=com' ) for modify operation
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): Consumer failed to replay change
(uniqueid b469a981-3d1411e2-9418a8cb-3212cedb, CSN
50bc4a4d000000010000): No such object. Skipping.
[03/Dec/2012:08:44:28 +0200] agmt="cn=winsync" (adtest:636) -
clcache_load_buffer: rc=-30988
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): No more updates to send
(cl5GetNextOperationToReplay)
[03/Dec/2012:08:44:28 +0200] agmt="cn=winsync" (adtest:636) -
session end: state=5 load=1 sent=1 skipped=0
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): Beginning linger on the connection
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): State: sending_updates ->
wait_for_changes
[03/Dec/2012:08:45:28 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): Linger timeout has expired on the
connection
[03/Dec/2012:08:45:28 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): Disconnected from the consumer
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): State: wait_for_changes ->
wait_for_changes
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): State: wait_for_changes ->
ready_to_acquire_replica
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): Trying secure slapi_ldap_init_ext
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): binddn = cn=replication
manager,cn=Users,dc=domain,dc=com,
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): Replication bind with SIMPLE auth
resumed
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): No linger to cancel on the
connection
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): State: ready_to_acquire_replica
-> sending_updates
[03/Dec/2012:08:48:11 +0200] - _cl5PositionCursorForReplay
(agmt="cn=winsync" (adtest:636)): Consumer RUV:
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): {replicageneration}
505ae68e000000010000
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): {replica 1
ldap://ldap1.domain.com:389} 505aedad000000010000
50bc4a4d000000010000 50bc4a4c
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): {replica 2
ldap://ldap2.domain.com:389}
[03/Dec/2012:08:48:11 +0200] - _cl5PositionCursorForReplay
(agmt="cn=winsync" (adtest:636)): Supplier RUV:
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): {replicageneration}
505ae68e000000010000
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): {replica 1
ldap://ldap1.domain.com:389} 505aedad000000010000
50bc4a4d000000010000 50bc4a4c
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): {replica 2
ldap://ldap2.domain.com:389}
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): No changes to send
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): map_entry_dn_inbound: looking for
local entry matching AD entry
[CN=Administrator,CN=Users,dc=domain,dc=com]
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): map_entry_dn_inbound: looking for
local entry by guid [f9230130d24b3f43b352e77459982c77]
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): map_entry_dn_inbound: problem
looking for guid: -1
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): map_entry_dn_inbound: AD entry has
no username!
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): map_entry_dn_inbound: looking for
local entry matching AD entry
[CN=Administrator,CN=Users,dc=domain,dc=com]
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): map_entry_dn_inbound: looking for
local entry by guid [f9230130d24b3f43b352e77459982c77]
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): map_entry_dn_inbound: problem
looking for guid: -1
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): map_entry_dn_inbound: looking for
local entry by uid [Administrator]
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): map_entry_dn_inbound: problem
looking for username: -1
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): Beginning linger on the connection
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): State: sending_updates ->
wait_for_changes
[03/Dec/2012:08:49:12 +0200] NSMMReplicationPlugin -
agmt="cn=winsync" (adtest:636): Linger timeout has expired on the
connection
-Matti
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
|
