Dear 389-users,

I am trying to get a sync working between my AD (win 2008 R2) and a FreeIPA (Fedora 20) server. My goal is to retrieve all my AD users in the FreeIPA database.

This is my 389 ds version:

    # rpm -q 389-ds-base
    389-ds-base-1.3.2.23-1.fc20.x86_64

With "ipa-replica-manage connect --winsync ...", I succeeded in copying users from AD to FreeIPA (via the sync agreement).

I then tried to sync POSIX attributes (from my AD, which has "Subsystem for UNIX-based Applications") into the FreeIPA server by activating the posix winsync plugin. I would like to extract attributes from my AD like:

- uidNumber
- gidNumber
- unixHomeDirectory
- loginShell
- msSFU30NisDomain

For this, I turned on the posix winsync plugin according to the documentation: http://www.port389.org/docs/389ds/design/winsync-posix.html

1. I enabled the plugin this way:

    ldapmodify -D "cn=directory manager" -w xxxxx
    dn: cn=Posix Winsync API,cn=plugins,cn=config
    changetype: modify
    replace: nsslapd-pluginEnabled
    nsslapd-pluginEnabled: on

2. I also added a nisDomain attribute like this:

    ldapmodify -x -D "cn=directory manager" -w xxxxx
    dn: dc=lmsipa,dc=polytechnique,dc=fr
    changetype: modify
    replace: nisDomain
    nisDomain: lmsadtest

The nisDomain is the same as the msSFU30NisDomain (lmsadtest) in my AD.

3. I restarted the ipa server (ipa-ctl restart). However, I do not succeed in syncing the posix attributes...

4. I turned on the replication logging level and this is the log for the sync of 1 user account:

...
[05/Nov/2014:10:37:28 +0100] NSMMReplicationPlugin - windows sync - agmt="cn=meTolmscad1test.lmsadtest.polytechnique.fr" (lmscad1test:389): map_entry_dn_outbound: looking for AD entry for DS dn="uid=guigne,cn=users,cn=accounts,dc=lmsipa,dc=polytechnique,dc=fr" username="guigne"
[05/Nov/2014:10:37:28 +0100] - Calling windows entry search request plugin
[05/Nov/2014:10:37:28 +0100] - windows_search_entry: received 2 messages, 1 entries, 0 references
[05/Nov/2014:10:37:29 +0100] NSMMReplicationPlugin - windows sync - agmt="cn=meTolmscad1test.lmsadtest.polytechnique.fr" (lmscad1test:389): map_entry_dn_outbound: found AD entry dn="CN=Edouard Guigné,OU=lms,DC=lmsadtest,DC=polytechnique,DC=fr"
[05/Nov/2014:10:37:29 +0100] - Calling windows entry search request plugin
[05/Nov/2014:10:37:29 +0100] - windows_search_entry: received 2 messages, 1 entries, 0 references
[05/Nov/2014:10:37:29 +0100] NSMMReplicationPlugin - windows sync - windows_generate_update_mods: uid=guigne,cn=users,cn=accounts,dc=lmsipa,dc=polytechnique,dc=fr, sn : values are equal
[05/Nov/2014:10:37:29 +0100] NSMMReplicationPlugin - windows sync - windows_generate_update_mods: uid=guigne,cn=users,cn=accounts,dc=lmsipa,dc=polytechnique,dc=fr, description : values are equal
[05/Nov/2014:10:37:29 +0100] NSMMReplicationPlugin - windows sync - windows_generate_update_mods: uid=guigne,cn=users,cn=accounts,dc=lmsipa,dc=polytechnique,dc=fr, givenName : values are equal
[05/Nov/2014:10:37:29 +0100] NSMMReplicationPlugin - windows sync - windows_generate_update_mods: uid=guigne,cn=users,cn=accounts,dc=lmsipa,dc=polytechnique,dc=fr, codePage : values not present on peer entry
[05/Nov/2014:10:37:29 +0100] NSMMReplicationPlugin - windows sync - windows_generate_update_mods: uid=guigne,cn=users,cn=accounts,dc=lmsipa,dc=polytechnique,dc=fr, scriptPath : values not present on peer entry
[05/Nov/2014:10:37:29 +0100] NSMMReplicationPlugin - windows sync - windows_generate_update_mods: uid=guigne,cn=users,cn=accounts,dc=lmsipa,dc=polytechnique,dc=fr, accountExpires : values not present on peer entry
[05/Nov/2014:10:37:29 +0100] NSMMReplicationPlugin - windows sync - windows_generate_update_mods: uid=guigne,cn=users,cn=accounts,dc=lmsipa,dc=polytechnique,dc=fr, sAMAccountName : values not present on peer entry
[05/Nov/2014:10:37:29 +0100] NSMMReplicationPlugin - windows sync - windows_generate_update_mods: uid=guigne,cn=users,cn=accounts,dc=lmsipa,dc=polytechnique,dc=fr, mail : values are equal
[05/Nov/2014:10:37:29 +0100] posix-winsync - getNisDomainName: no nisdomainname found in DC=fr, LDAP Err-1
[05/Nov/2014:10:37:29 +0100] - smod - windows sync
[05/Nov/2014:10:37:29 +0100] - smod 0 - add: codePage
[05/Nov/2014:10:37:29 +0100] - smod 0 - value: codePage: 0
[05/Nov/2014:10:37:29 +0100] - smod 1 - add: scriptPath
[05/Nov/2014:10:37:29 +0100] - smod 1 - value: scriptPath: Logon_guigne.bat
[05/Nov/2014:10:37:29 +0100] - smod 2 - add: accountExpires
[05/Nov/2014:10:37:29 +0100] - smod 2 - value: accountExpires: 9223372036854775807
[05/Nov/2014:10:37:29 +0100] - smod 3 - add: sAMAccountName
[05/Nov/2014:10:37:29 +0100] - smod 3 - value: sAMAccountName: guigne
[05/Nov/2014:10:37:29 +0100] - smod 4 - add: msSFU30uidnumber
[05/Nov/2014:10:37:29 +0100] - smod 4 - value: msSFU30uidnumber: 12069
[05/Nov/2014:10:37:29 +0100] - smod 5 - add: msSFU30gidnumber
[05/Nov/2014:10:37:29 +0100] - smod 5 - value: msSFU30gidnumber: 4400
[05/Nov/2014:10:37:30 +0100] - smod 6 - add: msSFU30loginshell
[05/Nov/2014:10:37:30 +0100] - smod 6 - value: msSFU30loginshell: /bin/bash
[05/Nov/2014:10:37:30 +0100] NSMMReplicationPlugin - windows sync - windows_update_remote_entry: modifying entry CN=Edouard Guigné,OU=lms,DC=lmsadtest,DC=polytechnique,DC=fr
[05/Nov/2014:10:37:30 +0100] NSMMReplicationPlugin - windows sync - agmt="cn=meTolmscad1test.lmsadtest.polytechnique.fr" (lmscad1test:389): Received result code 16 (00000057: LdapErr: DSID-0C090B8A, comment: Error in attribute conversion operation, data 0, v1db1) for modify operation
...

So the POSIX attributes are found but not synced into the 389 database.

What does this mean:

posix-winsync - getNisDomainName: no nisdomainname found in DC=fr, LDAP Err-1

Could you help me to solve the issue?

Best Regards,
Ed
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
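
A triage sketch for the replication log quoted in the post above, added here as an example and not part of the original message or of 389-ds: it groups the queued smod operations with the result code the peer returned for them and collects posix-winsync messages. The function name `triage`, the result-code table (a subset of RFC 4511 names) and the assumption that operations other than "add" are logged in the same shape are assumptions of this example.

```python
import re

# Lines excerpted from the replication log quoted in the post above.
SAMPLE_LOG = """\
[05/Nov/2014:10:37:29 +0100] posix-winsync - getNisDomainName: no nisdomainname found in DC=fr, LDAP Err-1
[05/Nov/2014:10:37:29 +0100] - smod - windows sync
[05/Nov/2014:10:37:29 +0100] - smod 4 - add: msSFU30uidnumber
[05/Nov/2014:10:37:29 +0100] - smod 4 - value: msSFU30uidnumber: 12069
[05/Nov/2014:10:37:29 +0100] - smod 5 - add: msSFU30gidnumber
[05/Nov/2014:10:37:29 +0100] - smod 5 - value: msSFU30gidnumber: 4400
[05/Nov/2014:10:37:30 +0100] NSMMReplicationPlugin - windows sync - windows_update_remote_entry: modifying entry CN=Edouard Guigné,OU=lms,DC=lmsadtest,DC=polytechnique,DC=fr
[05/Nov/2014:10:37:30 +0100] NSMMReplicationPlugin - windows sync - agmt="cn=meTolmscad1test.lmsadtest.polytechnique.fr" (lmscad1test:389): Received result code 16 (00000057: LdapErr: DSID-0C090B8A, comment: Error in attribute conversion operation, data 0, v1db1) for modify operation
"""

# Subset of RFC 4511 result code names (table built for this example).
LDAP_RESULTS = {0: "success", 16: "noSuchAttribute", 17: "undefinedAttributeType",
                19: "constraintViolation", 21: "invalidAttributeSyntax",
                50: "insufficientAccessRights", 53: "unwillingToPerform"}

STAMP = re.compile(r"^\[[^\]]+\]\s+")
# Assumption: ops other than "add" are logged in the same "smod N - op: attr" shape.
SMOD = re.compile(r"^- smod \d+ - (?!value:)(\w+): (\S+)$")
TARGET = re.compile(r"windows_update_remote_entry: modifying entry (.+)$")
RESULT = re.compile(r"Received result code (\d+) \((.*)\) for (\w+) operation")
PLUGIN = re.compile(r"^posix-winsync - (\w+): (.+)$")

def triage(log_text):
    """Return (modify attempts with their queued mods, posix-winsync messages)."""
    attempts, plugin_msgs = [], []
    mods, target = [], None
    for raw in log_text.splitlines():
        line = STAMP.sub("", raw.strip())
        if m := SMOD.match(line):
            mods.append((m.group(1), m.group(2)))
        elif m := TARGET.search(line):
            target = m.group(1)
        elif m := PLUGIN.match(line):
            plugin_msgs.append((m.group(1), m.group(2)))
        elif m := RESULT.search(line):
            code = int(m.group(1))
            attempts.append({"target": target, "op": m.group(3), "mods": mods,
                             "code": code, "name": LDAP_RESULTS.get(code, "unknown"),
                             "detail": m.group(2)})
            mods, target = [], None  # next operation starts with a clean slate
    return attempts, plugin_msgs

if __name__ == "__main__":
    for a in triage(SAMPLE_LOG)[0]:
        print(a["op"], a["target"], a["code"], a["name"], a["mods"])
```

On the excerpt this yields one modify against the AD entry carrying the msSFU30uidnumber and msSFU30gidnumber adds, answered with result code 16, which RFC 4511 names noSuchAttribute.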