Re: Windows sync agreement - Received result code 34

[Vesa Alho <listat@xxxxxxx>]

Okay, some progress.

I created an empty ou= to 389. Then I made a sync agreement with AD 
cn=Users,dc=example,dc=com. After this first full resync went 
successfully and I got users and groups from AD.

But if I try to add a user or group to 389, I get same errors as 
earlier. Even if I create an identical user to one coming from AD 
successfully, error remains.

Test user entry described below.

dn: uid=tpekka,ou=TestGroup,dc=example,dc=com
changetype: add
ntUserLastLogon: 0
ntUserLastLogoff: 0
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetOrgPerson
objectClass: ntUser
ntUserDeleteAccount: true
uid: tpekka
sn: Pekka
givenName: Testi
cn: Testi Pekka
ntUserCodePage: 0
ntUserAcctExpires: 9223372036854775807
ntUserDomainId: tpekka
ntUniqueId: 2543adbab8c5be4b82b4f927910eb48c

I guess I will need to test with a newer 389 version next if it's a bug 
or something.

-Vesa


On 03/17/2014 09:24 AM, Vesa Alho wrote:
> Hi,
>
> Would anyone have tips how to debug this futher? I tried with older AD
> 2008 R2 and with identical domain name. Also with various OU and CN
> combinations. Even with using admin accounts at both ends. But it still
> gives the same error code:
>
> Attempting to add entry cn=First
> Last,(null) to AD for local entry uid=user1,ou=People,dc=example,dc=com
>
> NSMMReplicationPlugin - agmt="cn=adsync" Received result code 34
> (0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350,
> best match of: '(null)' ) for add operation
>
> It must be something simple I'm missing here...
>
> -Vesa
>
> On 12/03/14 10:55, Vesa Alho wrote:
> > Hi,
> >
> > I'm trying to get Windows AD sync working. When trying to start full
> > re-syncronization, I get the errors listed below. I've tried to verify
> > all settings, but haven't figured out what could cause this. It seems to
> > use value (null) with DN, but why?
> >
> > Other information:
> > 389 => 1.2.11.25 (dc=example,dc=com)
> > AD => Windows 2012 R2 (dc=example,dc=login)
> > ==> notice, domain names are different!
> >
> > Windows sync agreement details
> > Windows domain: example.login
> > DS subtree: ou=People,dc=example,dc=com
> > Windows subtree: cn=People,dc=example,dc=login
> > Replicated subtree: dc=example,dc=com
> >
> > My goal is to sync 389 users to one OU/CN under AD and groups to
> > different OU/CN. I'm not sure if this even possible, but was hoping to
> > achieve this by creating separate sync agreements for users and groups.
> >
> > PS. thanks for excellent software and support!
> >
> > -Vesa
> >
> > [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync"
> > (hki-dc01:636): map_entry_dn_inbound: problem looking for username: -1
> >
> > [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync"
> > (hki-dc01:636): windows_process_total_entry: Looking
> > dn="uid=user1,ou=People,dc=example,dc=com" (ours)
> >
> > [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync"
> > (hki-dc01:636): map_entry_dn_outbound: looking for AD entry for DS
> > dn="uid=user1,ou=People,dc=example,dc=com"
> > guid="c647c882ee76ab4aac2239ef81ebebb7"
> >
> > [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync"
> > (hki-dc01:636): map_entry_dn_outbound: looking for AD entry for DS
> > dn="uid=user1,ou=People,dc=example,dc=com" username="user1"
> >
> > [12/Mar/2014:10:23:56 +0200] - Calling windows entry search request
> > plugin
> >
> > [12/Mar/2014:10:23:56 +0200] - windows_search_entry: received 1
> > messages, 0 entries, 0 references
> >
> > [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync"
> > (hki-dc01:636): map_entry_dn_outbound: entry not found - rc 0
> >
> > [12/Mar/2014:10:23:56 +0200] - Windows sync entry: Created new remote
> > entry:
> >   dn:: Y249VHVvbWFzIFN5cmrDpG5lbiwobnVsbCk=
> > objectClass: top
> > objectClass: person
> > objectClass: organizationalperson
> > objectClass: user
> > userprincipalname: user1@example.login
> > cn:: VHVvbWFzIFN5cmrDpG5lbg==
> > givenName: First
> > mail: First.Last@xxxxxxxxxxx
> > sAMAccountName: user1
> > accountExpires: 9223372036854775807
> > sn:: U3lyasOkbmVu
> > telephoneNumber:
> > codePage: 0
> >
> > [12/Mar/2014:10:23:56 +0200] - Attempting to add entry cn=First
> > Last,(null) to AD for local entry uid=user1,ou=People,dc=example,dc=com
> >
> > [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync"
> > (hki-dc01:636): Received result code 34 (0000208F: NameErr:
> > DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:
> > '(null)' ) for add operation
> >
> > [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync"
> > (hki-dc01:636): windows_replay_update: Cannot replay add operation.
> >
> > [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync"
> > (hki-dc01:636): Beginning linger on the connection
> >
> > [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync"
> > (hki-dc01:636): windows_tot_run: failed to obtain data to send to the
> > consumer; LDAP error - 1
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users