Re: 389 <=> AD group sync

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I noticed this:
dn="cn=stilltesting,cn=Users,dc=domain,dc=com" (not present,add not
allowed)

What could cause that? Some AD permissions? It's a bit weird since
full update works.


https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Using_Windows_Sync-Synchronizing_Groups.html


Does cn=stilltesting,cn=Users,dc=domain,dc=com have
ntGroupCreateNewGroup: TRUE
Yes, below is the entry. And actually in the guide you linked ntGroupCreateNewGroup value is "on" in the console section and "true" in command line section. I guess both are okay. I did try both values. 

dn: cn=stilltesting,ou=People,dc=domain,dc=com
ntGroupCreateNewGroup: true
description: stilltesting
objectClass: top
objectClass: groupofuniquenames
objectClass: ntgroup
uniqueMember: uid=btab,ou=People,dc=domain,dc=com
ntUserDomainId: stilltesting
cn: stilltesting

Logs after incremental update (which doesn't work):
[10/Dec/2012:08:45:34 +0200] agmt="cn=winsync" (adtest:636) - session start: anchorcsn=50c1bec7000000010000 [10/Dec/2012:08:45:34 +0200] NSMMReplicationPlugin - changelog program - agmt="cn=winsync" (adtest:636): CSN 50c1bec7000000010000 found, position set for replay [10/Dec/2012:08:45:34 +0200] agmt="cn=winsync" (adtest:636) - load=1 rec=1 csn=50c5850f000000010000 [10/Dec/2012:08:45:34 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): windows_replay_update: Looking at modify operation local dn="cn=stilltesting,ou=People,dc=domain,dc=com" (ours,not user,group) [10/Dec/2012:08:45:34 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): map_entry_dn_outbound: looking for AD entry for DS dn="cn=stilltesting,ou=People,dc=domain,dc=com" guid="(null)" [10/Dec/2012:08:45:34 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): map_entry_dn_outbound: looking for AD entry for DS dn="cn=stilltesting,ou=People,dc=domain,dc=com" username="stilltesting" [10/Dec/2012:08:45:34 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): map_entry_dn_outbound: entry not found - rc 0 [10/Dec/2012:08:45:34 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): windows_replay_update: Processing modify operation local dn="cn=stilltesting,ou=People,dc=domain,dc=com" remote dn="cn=stilltesting,cn=Users,dc=domain,dc=com" [10/Dec/2012:08:45:34 +0200] agmt="cn=winsync" (adtest:636) - clcache_load_buffer: rc=-30988 [10/Dec/2012:08:45:34 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): No more updates to send (cl5GetNextOperationToReplay) [10/Dec/2012:08:45:34 +0200] agmt="cn=winsync" (adtest:636) - session end: state=5 load=1 sent=1 skipped=0 [10/Dec/2012:08:45:34 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): Beginning linger on the connection [10/Dec/2012:08:45:34 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): State: sending_updates -> wait_for_changes [10/Dec/2012:08:46:35 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): Linger timeout has expired on the connection [10/Dec/2012:08:46:35 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): Disconnected from the consumer [10/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): State: wait_for_changes -> wait_for_changes [10/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): State: wait_for_changes -> ready_to_acquire_replica [10/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): Trying secure slapi_ldap_init_ext [10/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): binddn = cn=replication manager,cn=Users,dc=domain,dc=com, [10/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): No linger to cancel on the connection [10/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): State: ready_to_acquire_replica -> sending_updates [10/Dec/2012:08:48:11 +0200] - _cl5PositionCursorForReplay (agmt="cn=winsync" (adtest:636)): Consumer RUV: [10/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): {replicageneration} 505ae68e000000010000 [10/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): {replica 1 ldap://ldapnew.domain.com:389} 505aedad000000010000 50c5850f000000010000 50c5850e [10/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): {replica 2 ldap://ldapnew2.domain.com:389} [10/Dec/2012:08:48:11 +0200] - _cl5PositionCursorForReplay (agmt="cn=winsync" (adtest:636)): Supplier RUV: [10/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): {replicageneration} 505ae68e000000010000 [10/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): {replica 1 ldap://ldapnew.domain.com:389} 505aedad000000010000 50c5850f000000010000 50c5850e [10/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): {replica 2 ldap://ldapnew2.domain.com:389} [10/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): No changes to send 


Logs after full manual update (which works):
[10/Dec/2012:09:12:47 +0200] agmt="cn=winsync" (adtest:636) - load=1 rec=1 csn=50c58b70000000010000 [10/Dec/2012:09:12:47 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): windows_replay_update: Looking at rename operation local dn="cn=stilltesting,ou=People,dc=domain,dc=com" (ours,not user,group) [10/Dec/2012:09:12:47 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): map_entry_dn_outbound: looking for AD entry for DS dn="cn=stilltesting-group,ou=People,dc=domain,dc=com" guid="52dfaf022d5e4b49b8f7899f9e4b5c87" [10/Dec/2012:09:12:47 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): map_entry_dn_outbound: return code 0 from search for AD entry dn="<GUID=52dfaf022d5e4b49b8f7899f9e4b5c87>" or dn="CN=stilltesting,CN=Users,dc=domain,dc=com" [10/Dec/2012:09:12:47 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): windows_replay_update: Processing rename operation local dn="cn=stilltesting,ou=People,dc=domain,dc=com" remote dn="<GUID=52dfaf022d5e4b49b8f7899f9e4b5c87>" [10/Dec/2012:09:12:47 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): Consumer failed to replay change (uniqueid 2adc1381-405511e2-9418a8cb-3212cedb, CSN 50c58b70000000010000): Success. Skipping. [10/Dec/2012:09:12:47 +0200] agmt="cn=winsync" (adtest:636) - load=1 rec=2 csn=50c58b70000200010000 [10/Dec/2012:09:12:47 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): windows_replay_update: Looking at modify operation local dn="cn=stilltesting-group,ou=People,dc=domain,dc=com" (ours,not user,group) [10/Dec/2012:09:12:47 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): map_entry_dn_outbound: looking for AD entry for DS dn="cn=stilltesting-group,ou=People,dc=domain,dc=com" guid="52dfaf022d5e4b49b8f7899f9e4b5c87" [10/Dec/2012:09:12:47 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): map_entry_dn_outbound: return code 0 from search for AD entry dn="<GUID=52dfaf022d5e4b49b8f7899f9e4b5c87>" or dn="CN=stilltesting,CN=Users,dc=domain,dc=com" [10/Dec/2012:09:12:47 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): windows_replay_update: Processing modify operation local dn="cn=stilltesting-group,ou=People,dc=domain,dc=com" remote dn="<GUID=52dfaf022d5e4b49b8f7899f9e4b5c87>" [10/Dec/2012:09:12:47 +0200] agmt="cn=winsync" (adtest:636) - clcache_load_buffer: rc=-30988 [10/Dec/2012:09:12:47 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): No more updates to send (cl5GetNextOperationToReplay) [10/Dec/2012:09:12:47 +0200] agmt="cn=winsync" (adtest:636) - session end: state=5 load=1 sent=2 skipped=0 [10/Dec/2012:09:12:47 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): Beginning linger on the connection [10/Dec/2012:09:12:47 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): State: sending_updates -> wait_for_changes [10/Dec/2012:09:13:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): State: wait_for_changes -> wait_for_changes [10/Dec/2012:09:13:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): State: wait_for_changes -> ready_to_acquire_replica [10/Dec/2012:09:13:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): Cancelling linger on the connection [10/Dec/2012:09:13:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): State: ready_to_acquire_replica -> sending_updates [10/Dec/2012:09:13:11 +0200] - _cl5PositionCursorForReplay (agmt="cn=winsync" (adtest:636)): Consumer RUV: [10/Dec/2012:09:13:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): {replicageneration} 505ae68e000000010000 [10/Dec/2012:09:13:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): {replica 1 ldap://ldapnew.domain.com:389} 505aedad000000010000 50c58b70000200010000 50c58b6f [10/Dec/2012:09:13:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): {replica 2 ldap://ldapnew2.domain.com:389} [10/Dec/2012:09:13:11 +0200] - _cl5PositionCursorForReplay (agmt="cn=winsync" (adtest:636)): Supplier RUV: [10/Dec/2012:09:13:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): {replicageneration} 505ae68e000000010000 [10/Dec/2012:09:13:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): {replica 1 ldap://ldapnew.domain.com:389} 505aedad000000010000 50c58b70000200010000 50c58b6f [10/Dec/2012:09:13:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): {replica 2 ldap://ldapnew2.domain.com:389} [10/Dec/2012:09:13:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): No changes to send [10/Dec/2012:09:13:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): Beginning linger on the connection [10/Dec/2012:09:13:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync" (adtest:636): State: sending_updates -> wait_for_changes 

-Matti



--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux