DuWayne Holsbeck wrote:
I did use multiple OUs, trying to mimic the AD structure as closely as
possible. I think I tried the all in one approach, but there was some
kind of issue. The MS server is 2008 R2.
The DS server is version 1.3.1.
What is the revision #?
$ rpm -q 389-ds-base
the attributes set on the groups are
ntgroupcreatenewgroup = on, ntgroupdeletegroup = on, ntuniqueid
= xxxxxxxxxxxxxx, ntuserdomainid = "group name". It has the ntgroup
objectClass, and a list of uniquemembers.
Cheers
DuWayne
On Sun, 2014-05-18 at 20:42 +0300, Vesa Alho wrote:
On 05/16/2014 09:12 PM, DuWayne Holsbeck wrote:
I have a 389 and AD servers set up, and sync agreements configured for
users, and groups. The Groups synced fine, but on the AD side there are
no members in the groups. I set the ntGroup objectClass, ntGroupType,
ntGroupCreateNewAccount, ntGroupDeleteAccount, ntUniqueId attributes set
on the 389DS side. Initial sync runs without errors.
Am I missing something, or is there a trick to get the Group memberships
to sync up between the 2?
Any suggestions on a fix, or way to troubleshoot the issue would be
greatly appreciated.
Did you set up a single sync agreement? I managed to get group members
working when syncing users and groups with a single sync agreement. Due to
our ldap structure, I had to create a sync agreement for the whole root
suffix.
389: dc=domain,dc=com ==> AD: ou=ldap,dc=domain,dc=com
Before this, I tried to sync users and groups with separate sync
agreements which didn't work. Also check you are running at least
version 1.2.11.29. I had general problems with MS Server 2012 R2 with
earlier versions.
-Vesa
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users