On 03/12/2014 02:55 AM, Vesa Alho wrote:
Hi, I'm trying to get Windows AD sync working. When trying to start full re-syncronization, I get the errors listed below. I've tried to verify all settings, but haven't figured out what could cause this. It seems to use value (null) with DN, but why? Other information: 389 => 1.2.11.25 (dc=example,dc=com) AD => Windows 2012 R2 (dc=example,dc=login) ==> notice, domain names are different! Windows sync agreement details Windows domain: example.login DS subtree: ou=People,dc=example,dc=com Windows subtree: cn=People,dc=example,dc=login Replicated subtree: dc=example,dc=com My goal is to sync 389 users to one OU/CN under AD and groups to different OU/CN. I'm not sure if this even possible, but was hoping to achieve this by creating separate sync agreements for users and groups. PS. thanks for excellent software and support! -Vesa [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync" (hki-dc01:636): map_entry_dn_inbound: problem looking for username: -1 [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync" (hki-dc01:636): windows_process_total_entry: Looking dn="uid=user1,ou=People,dc=example,dc=com" (ours) [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync" (hki-dc01:636): map_entry_dn_outbound: looking for AD entry for DS dn="uid=user1,ou=People,dc=example,dc=com" guid="c647c882ee76ab4aac2239ef81ebebb7" [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync" (hki-dc01:636): map_entry_dn_outbound: looking for AD entry for DS dn="uid=user1,ou=People,dc=example,dc=com" username="user1" [12/Mar/2014:10:23:56 +0200] - Calling windows entry search request plugin [12/Mar/2014:10:23:56 +0200] - windows_search_entry: received 1 messages, 0 entries, 0 references [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync" (hki-dc01:636): map_entry_dn_outbound: entry not found - rc 0 [12/Mar/2014:10:23:56 +0200] - Windows sync entry: Created new remote entry: dn:: Y249VHVvbWFzIFN5cmrDpG5lbiwobnVsbCk= objectClass: top objectClass: person objectClass: organizationalperson objectClass: user userprincipalname: user1@example.login cn:: VHVvbWFzIFN5cmrDpG5lbg== givenName: First mail: First.Last@xxxxxxxxxxx sAMAccountName: user1 accountExpires: 9223372036854775807 sn:: U3lyasOkbmVu telephoneNumber: codePage: 0 [12/Mar/2014:10:23:56 +0200] - Attempting to add entry cn=First Last,(null) to AD for local entry uid=user1,ou=People,dc=example,dc=com [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync" (hki-dc01:636): Received result code 34 (0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of: '(null)' ) for add operation
Ever figure this out? We're seeing the same problem here. It was working for a while for us and then broke at some point. Looks like the target ou is getting replaced by null at some point.
- Orion -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion@xxxxxxxx Boulder, CO 80301 http://www.nwra.com -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
