On 02/28/2013 04:05 AM, Vesa Alho wrote:
> Hi,
> I'm having problems with syncing groups from 389 to AD. I wrote about
> this earlier but did some more testing.
> Using the latest EPEL6 stable:
> 389-ds-base-1.2.10.12-1.el6.x86_64
> 389-ds-1.2.2-1.el6.noarch
> AD: 2008 R2 64-bit
> ========
> Group description
> # testgroup, People, domain.com
> dn: cn=testgroup,ou=People,dc=domain,dc=com
> ntGroupCreateNewGroup: on

The value should be TRUE
Looks like we have a doc bug.
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Using_Windows_Sync-Synchronizing_Groups.html
12.4.4.1. Configuring Group Sync in the Console
The Console UI section says to use a value of "on". This is wrong.
12.4.4.2. Configuring Group Sync in the Command Line
This says to use a value of "true". This will work, although it should
be "TRUE".
And the command line docs should use - in the LDIF to separate each mod.
Please file a bug.

> description: testroup
> objectClass: top
> objectClass: groupofuniquenames
> objectClass: ntgroup
> uniqueMember: uid=user1,ou=People,dc=domain,dc=com
> ntUserDomainId: testgroup
> ===========
> Replication log snippet follows:
> NSMMReplicationPlugin - agmt="cn=adtestsync" (adtest:636):
> windows_replay_update: Processing add operation local
> dn="cn=testgroup,ou=People,dc=domain,dc=com" remote
> dn="cn=testgroup,cn=Users,dc=domain,dc=com"
> NSMMReplicationPlugin - agmt="cn=adtestsync" (adtest:636):
> process_replay_add: dn="cn=testgroup,cn=Users,dc=domain,dc=com" (not
> present,add not allowed)

"add not allowed" - this means one or more of the following:
*

> =============
> Group sync works correctly when I initiate a manual Full resync. This
> means AD sync user must have proper permissions.
> Bottom line, incremental group sync doesn't work. The only clue is the
> log message "not present,add not allowed". Any ideas or some known bug?
> -Mr. Vesa Alho
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
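
An added example, not part of the original thread or of the 389 project's code: a small Python linter for the two documentation problems raised in the reply above, namely the `ntGroupCreateNewGroup` value and missing `-` separators between mods in an LDIF modify record. The function name and the sample LDIF are constructed for illustration, and accepting `FALSE` as an intentional setting is an assumption.

```python
MOD_OPS = {"add", "replace", "delete"}      # LDIF mod-spec keywords (RFC 2849)
SYNC_FLAGS = {"ntgroupcreatenewgroup"}      # attribute discussed in this thread


def lint_sync_ldif(text):
    """Return (line_no, message) findings for LDIF entries or modify records."""
    findings = []
    in_modify = False        # inside a "changetype: modify" record
    current_attr = None      # attribute named by the currently open mod-spec
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line:                         # a blank line ends the record
            in_modify, current_attr = False, None
            continue
        if line.startswith("#") or raw.startswith(" "):
            continue                         # comment or folded continuation
        if line == "-":                      # separator closes the open mod
            current_attr = None
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "changetype":
            in_modify = value.lower() == "modify"
            continue
        # Value check, following the reply: "on" is wrong, "true" works,
        # "TRUE" is the intended spelling. Assumption: FALSE is deliberate.
        if name in SYNC_FLAGS and value != "TRUE" and value.lower() != "false":
            if value.lower() == "true":
                findings.append((no, "warn: works, but should be TRUE"))
            else:
                findings.append((no, f"error: value {value!r} should be TRUE"))
        # A new mod-spec while another is still open means "-" was omitted.
        if in_modify and name in MOD_OPS and name != current_attr:
            if current_attr is not None:
                findings.append((no, "error: missing '-' before this mod"))
            current_attr = value.lower()
    return findings


# Constructed sample: wrong value on line 4, no "-" before the second mod.
SAMPLE = """dn: cn=testgroup,ou=People,dc=domain,dc=com
changetype: modify
replace: ntGroupCreateNewGroup
ntGroupCreateNewGroup: on
replace: description
description: testgroup
"""
FIXED = SAMPLE.replace(": on\n", ": TRUE\n-\n")

if __name__ == "__main__":
    for no, msg in lint_sync_ldif(SAMPLE):
        print(f"line {no}: {msg}")
```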