Hi,
I'm having problems with syncing groups from 389 to AD. I wrote about
this earlier but made some more testing.
Using the latest EPEL6 stable:
389-ds-base-1.2.10.12-1.el6.x86_64
389-ds-1.2.2-1.el6.noarch
AD: 2008 R2 64-bit
========
Group description
# testgroup, People, domain.com
dn: cn=testgroup,ou=People,dc=domain,dc=com
ntGroupCreateNewGroup: on
description: testroup
objectClass: top
objectClass: groupofuniquenames
objectClass: ntgroup
uniqueMember: uid=user1,ou=People,dc=domain,dc=com
ntUserDomainId: testgroup
===========
Replication log snippet follows:
NSMMReplicationPlugin - agmt="cn=adtestsync" (adtest:636):
windows_replay_update: Processing add operation local
dn="cn=testgroup,ou=People,dc=domain,dc=com" remote
dn="cn=testgroup,cn=Users,dc=domain,dc=com"
NSMMReplicationPlugin - agmt="cn=adtestsync" (adtest:636):
process_replay_add: dn="cn=testgroup,cn=Users,dc=domain,dc=com" (not
present,add not allowed)
=============
Group sync works correctly when I initiate manual Full resync. This
means AD sync user must have proper permissions.
Bottom line, incremental group sync doesn't work. Only clue is that log
message "not present,add not allowed". Any ideas or some known bug?
-Mr. Vesa Alho
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
