v1.2.11.15
dn:
cn=ad5,cn=replica,cn=dc\3Dmetaeprinsa\2Cdc\3Dorg,cn=mapping
tree,cn=config
objectClass: top
objectClass: nsDSWindowsReplicationAgreement
description: ad5
cn: ad5
nsds7WindowsReplicaSubtree: dc=epr
nsds7DirectoryReplicaSubtree:
ou=usuarios,dc=metaeprinsa,dc=org
nsds7NewWinUserSyncEnabled: on
nsds7NewWinGroupSyncEnabled: off
nsds7WindowsDomain: epr
nsDS5ReplicaRoot: dc=metaeprinsa,dc=org
nsDS5ReplicaHost: ad5.epr
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=metasync,ou=usuarios de
servicio,ou=grupos,dc=epr
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaCredentials: ****
oneWaySync: fromWindows
v1.3
dn:
cn=ad5,cn=replica,cn=dc\3Dmetaeprinsa\2Cdc\3Dorg,cn=mapping
tree,cn=config
objectClass: top
objectClass: nsDSWindowsReplicationAgreement
description: ad5
cn: ad5
nsds7WindowsReplicaSubtree: dc=epr
nsds7DirectoryReplicaSubtree:
ou=usuarios,dc=metaeprinsa,dc=org
nsds7NewWinUserSyncEnabled: on
nsds7NewWinGroupSyncEnabled: off
nsds7WindowsDomain: epr
nsDS5ReplicaRoot: dc=metaeprinsa,dc=org
nsDS5ReplicaHost: ad5.epr
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=metasync,ou=usuarios de
servicio,ou=grupos,dc=epr
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaCredentials: ****
oneWaySync: fromWindows
De: "Rich
Megginson"
<rmeggins@xxxxxxxxxx>
Para: "General discussion list for the 389 Directory
server project."
<389-users@xxxxxxxxxxxxxxxxxxxxxxx>
CC: "Juan Carlos Camargo"
<juancarlos@xxxxxxxxxx>
Enviados: Jueves, 18 de Julio 2013 16:01:52
Asunto: Re: winsync: differences between
1.2.11.15 and 1.3
On 07/18/2013 06:17 AM, Juan
Carlos Camargo wrote:
Hi 389ers,
I have a lab scenario with one server running version
1.3 on Fedora19. My production servers still use
1.2.11.15 and run on CentOS. I've created oneway sync
agreements FROM Windows2003 , in both cases with the
same params: windows sync user, windows host, ds subtree
and windows subtree. But I've noticed that in version
1.3 sync does not work, all users are reported to be
"out of scope" even when the same sAMAccountName/uid is
found.
Ex:
v1.3
"
[18/Jul/2013:12:59:15 +0200] NSMMReplicationPlugin
- agmt="cn=ad5" (ad5:389):
windows_process_dirsync_entry: windows inbound entry
CN=XXXX has the same name as local entry uid=XXXX but
the windows entry is out of the scope of the sync
subtree [dc=DOMAIN] - if you want these entries to be
in sync, add the ntUser/ntGroup objectclass and
required attributes to the local entry, and move the
windows entry into scope
"
v1.2.11.15
[18/Jul/2013:13:31:00 +0200] NSMMReplicationPlugin
- agmt="cn=ad5" (ad5:389): map_entry_dn_inbound:
looking for local entry matching AD entry [CN=XXXX]
[18/Jul/2013:13:31:00 +0200] NSMMReplicationPlugin
- agmt="cn=ad5" (ad5:389): map_entry_dn_inbound:
looking for local entry by guid
[155e86afca9f2141af71624d7f55a44c]
[18/Jul/2013:13:31:00 +0200] NSMMReplicationPlugin
- agmt="cn=ad5" (ad5:389): map_entry_dn_inbound: found
local entry [uid=XXXX]
Sorry about the
different timestamps, but the user under XXXX was the
same in both cases. So, same agreement in version
1.2.11.15 syncs the users (from Windows always)
perfectly. I've deleted and recreated the agreements
in both sides, just in case I mispelled something,but
still the same results. What has changed , or better,
where did I go wrong?
Can you post your winsync config?
The AD entry CN=XXXX - is it in the windows subtree or outside
of it? If it is outside of it, why?
Regards!
--
Juan
Carlos Camargo Carrillo.
@jcarloscamargo
957-211157
, 650932877
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
Juan Carlos Camargo Carrillo.
@jcarloscamargo
957-211157 , 650932877
