Re: Ldap and Active Directory -- Data Sync not Happening

Gonzalo Fernandez Ordas <g.fer.ordas@xxxxxxxxxxxxxx> · Tue, 03 Mar 2015 11:55:09 +0100

Anybody?

On 01/03/2015 22:17, Gonzalo Fernandez Ordas wrote:

Hi

I am having issues related to a oneWay SYNC from AD to LDAP.

I got everything running the password sync part I have kept disable 
for a bit as I want to JUST sync users for start.
This is an Ubuntu --- Windows2012 setup (only 2 boxes)
The Unidirectional setup "fromWindows" defined in the replication object.

The authentication gets through to the AD box, I can initialise the 
replica and that is all, it never gets any data into the DS.
I have follow all the steps certificate related...etc.. which they 
seem all right, but I cannot understand what happens.

Error log below:

-----
[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - windows sync - 
agmt="cn=windows.activedirectory.com" (adserver:636): State: 
wait_for_changes -> wait_for_changes
[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - windows sync - 
agmt="cn=windows.activedirectory.com" (adserver:636): State: 
wait_for_changes -> start
[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - windows sync - 
agmt="cn=windows.activedirectory.com" (adserver:636): No linger to 
cancel on the connection
[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - windows sync - 
agmt="cn=windows.activedirectory.com" (adserver:636): Disconnected 
from the consumer
[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - windows sync - 
agmt="cn=windows.activedirectory.com" (adserver:636): State: start -> 
ready_to_acquire_replica
[01/Mar/2015:09:08:53 +0000] - acquire_replica, supplier RUV:
[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - supplier: 
{replicageneration} 54f0c078000000010000
[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - supplier: 
{replica 1 ldap://ldapserver.com:389} 54f23832000000010000 
54f2d5e1000000010000 54f2d5e1
[01/Mar/2015:09:08:53 +0000] - acquire_replica, consumer RUV:
[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - consumer: 
{replicageneration} 54f0c078000000010000
[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - consumer: 
{replica 1 ldap://ldapserver.com:389} 54f23832000000010000 
54f2d5e1000000010000 54f2d5e1
[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - windows sync - 
agmt="cn=windows.activedirectory.com" (adserver:636): Trying secure 
slapi_ldap_init_ext

[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - windows sync - 
agmt="cn=windows.activedirectory.com" (adserver:636): binddn = cn=user 
Sync,cn=Users,dc=windows,dc=activedirectory,dc=com, passwd = 
{DES}s/tdsdsdsd
[01/Mar/2015:09:08:53 +0000] - windows_conn_connect : detected Win2k3 
or later peer
[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - windows sync - 
agmt="cn=windows.activedirectory.com" (adserver:636): No linger to 
cancel on the connection
[01/Mar/2015:09:08:53 +0000] - _csngen_adjust_local_time: gen state 
before 54f2d6e10002:1425200865:0:0
[01/Mar/2015:09:08:53 +0000] - _csngen_adjust_local_time: gen state 
after 54f2d7250000:1425200933:0:0
[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - windows sync - 
windows_acquire_replica returned success (101)
[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - windows sync - 
agmt="cn=windows.activedirectory.com" (adserver:636): State: 
ready_to_acquire_replica -> sending_updates
[01/Mar/2015:09:08:53 +0000] - csngen_adjust_time: gen state before 
54f2d7250001:1425200933:0:0
[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - changelog program 
- _cl5GetDBFile: found DB object 7f462249add0 for database 
/var/lib/dirsrv/slapd-instance/changelogdb/c3b80d03-beb311e4-8df9a16f-b0f06c9b_54f0c078000000010000.db 

[01/Mar/2015:09:08:53 +0000] - _cl5PositionCursorForReplay 
(agmt="cn=windows.activedirectory.com" (adserver:636)): Consumer RUV:
[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - 
agmt="cn=windows.activedirectory.com" (adserver:636): 
{replicageneration} 54f0c078000000010000
[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - 
agmt="cn=windows.activedirectory.com" (adserver:636): {replica 1 
ldap://ldapserver.com:389} 54f23832000000010000 54f2d5e1000000010000 
54f2d5e1
[01/Mar/2015:09:08:53 +0000] - _cl5PositionCursorForReplay 
(agmt="cn=windows.activedirectory.com" (adserver:636)): Supplier RUV:
[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - 
agmt="cn=windows.activedirectory.com" (adserver:636): 
{replicageneration} 54f0c078000000010000
[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - 
agmt="cn=windows.activedirectory.com" (adserver:636): {replica 1 
ldap://ldapserver.com:389} 54f23832000000010000 54f2d5e1000000010000 
54f2d5e1
[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - windows sync - 
agmt="cn=windows.activedirectory.com" (adserver:636): No changes to send
[01/Mar/2015:09:08:53 +0000] - Calling dirsync search request plugin
[01/Mar/2015:09:08:53 +0000] - Sending dirsync search request
[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - windows sync - 
agmt="cn=windows.activedirectory.com" (adserver:636): Beginning linger 
on the connection
[01/Mar/2015:09:08:53 +0000] NSMMReplicationPlugin - windows sync - 
agmt="cn=windows.activedirectory.com" (adserver:636): State: 
sending_updates -> wait_for_changes
[01/Mar/2015:09:09:24 +0000] - _csngen_adjust_local_time: gen state 
before 54f2d7250001:1425200933:0:0
[01/Mar/2015:09:09:24 +0000] - _csngen_adjust_local_time: gen state 
after 54f2d7440000:1425200964:0:0
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - 
ruv_add_csn_inprogress: successfully inserted csn 54f2d744000000010000 
into pending list
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - Purged state 
information from entry ou=People,dc=windows,dc=activedirectory,dc=com 
up to CSN 54e99b61000000010000
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - changelog program 
- _cl5GetDBFileByReplicaName: found DB object 7f462249add0 for 
database 
/var/lib/dirsrv/slapd-instance/changelogdb/c3b80d03-beb311e4-8df9a16f-b0f06c9b_54f0c078000000010000.db
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - changelog program 
- _cl5GetDBFileByReplicaName: found DB object 7f462249add0 for 
database 
/var/lib/dirsrv/slapd-instance/changelogdb/c3b80d03-beb311e4-8df9a16f-b0f06c9b_54f0c078000000010000.db
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - ruv_update_ruv: 
successfully committed csn 54f2d744000000010000
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - windows sync - 
agmt="cn=windows.activedirectory.com" (adserver:636): State: 
wait_for_changes -> wait_for_changes
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - windows sync - 
agmt="cn=windows.activedirectory.com" (adserver:636): State: 
wait_for_changes -> ready_to_acquire_replica
[01/Mar/2015:09:09:24 +0000] - acquire_replica, supplier RUV:
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - supplier: 
{replicageneration} 54f0c078000000010000
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - supplier: 
{replica 1 ldap://ldapserver.com:389} 54f23832000000010000 
54f2d744000000010000 54f2d744
[01/Mar/2015:09:09:24 +0000] - acquire_replica, consumer RUV:
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - consumer: 
{replicageneration} 54f0c078000000010000
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - consumer: 
{replica 1 ldap://ldapserver.com:389} 54f23832000000010000 
54f2d5e1000000010000 54f2d5e1
[01/Mar/2015:09:09:24 +0000] - acquire_replica, supplier RUV is newer
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - windows sync - 
agmt="cn=windows.activedirectory.com" (adserver:636): Cancelling 
linger on the connection
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - windows sync - 
windows_acquire_replica returned success (101)
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - windows sync - 
agmt="cn=windows.activedirectory.com" (adserver:636): State: 
ready_to_acquire_replica -> sending_updates
[01/Mar/2015:09:09:24 +0000] - csngen_adjust_time: gen state before 
54f2d7440002:1425200964:0:0
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - changelog program 
- _cl5GetDBFile: found DB object 7f462249add0 for database 
/var/lib/dirsrv/slapd-instance/changelogdb/c3b80d03-beb311e4-8df9a16f-b0f06c9b_54f0c078000000010000.db 

[01/Mar/2015:09:09:24 +0000] - _cl5PositionCursorForReplay 
(agmt="cn=windows.activedirectory.com" (adserver:636)): Consumer RUV:
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - 
agmt="cn=windows.activedirectory.com" (adserver:636): 
{replicageneration} 54f0c078000000010000
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - 
agmt="cn=windows.activedirectory.com" (adserver:636): {replica 1 
ldap://ldapserver.com:389} 54f23832000000010000 54f2d5e1000000010000 
54f2d5e1
[01/Mar/2015:09:09:24 +0000] - _cl5PositionCursorForReplay 
(agmt="cn=windows.activedirectory.com" (adserver:636)): Supplier RUV:
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - 
agmt="cn=windows.activedirectory.com" (adserver:636): 
{replicageneration} 54f0c078000000010000
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - 
agmt="cn=windows.activedirectory.com" (adserver:636): {replica 1 
ldap://ldapserver.com:389} 54f23832000000010000 54f2d744000000010000 
54f2d744
[01/Mar/2015:09:09:24 +0000] agmt="cn=windows.activedirectory.com" 
(adserver:636) - clcache_get_buffer: found thread private buffer cache 
7f4604021ef0
[01/Mar/2015:09:09:24 +0000] agmt="cn=windows.activedirectory.com" 
(adserver:636) - clcache_get_buffer: _pool is 7f462248e080 
_pool->pl_busy_lists is 7f4604001010 _pool->pl_busy_lists->bl_buffers 
is 7f4604021ef0
[01/Mar/2015:09:09:24 +0000] agmt="cn=windows.activedirectory.com" 
(adserver:636) - session start: anchorcsn=54f2d5e1000000010000
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - changelog program 
- agmt="cn=windows.activedirectory.com" (adserver:636): CSN 
54f2d5e1000000010000 found, position set for replay
[01/Mar/2015:09:09:24 +0000] agmt="cn=windows.activedirectory.com" 
(adserver:636) - load=1 rec=1 csn=54f2d744000000010000
[01/Mar/2015:09:09:24 +0000] agmt="cn=windows.activedirectory.com" 
(adserver:636) - clcache_load_buffer: rc=-30988
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - windows sync - 
agmt="cn=windows.activedirectory.com" (adserver:636): No more updates 
to send (cl5GetNextOperationToReplay)
[01/Mar/2015:09:09:24 +0000] agmt="cn=windows.activedirectory.com" 
(adserver:636) - session end: state=5 load=1 sent=1 skipped=0 
skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 
skipped_csn_gt_ruv=0 skipped_csn_covered=0
[01/Mar/2015:09:09:24 +0000] - Calling dirsync search request plugin
[01/Mar/2015:09:09:24 +0000] - Sending dirsync search request
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - windows sync - 
agmt="cn=windows.activedirectory.com" (adserver:636): Beginning linger 
on the connection
[01/Mar/2015:09:09:24 +0000] NSMMReplicationPlugin - windows sync - 
agmt="cn=windows.activedirectory.com" (adserver:636): State: 
sending_updates -> wait_for_changes
[01/Mar/2015:09:09:28 +0000] NSMMReplicationPlugin - changelog program 
- _cl5GetDBFile: found DB object 7f462249add0 for database 
/var/lib/dirsrv/slapd-instance/changelogdb/c3b80d03-beb311e4-8df9a16f-b0f06c9b_54f0c078000000010000.db 

[01/Mar/2015:09:09:28 +0000] NSMMReplicationPlugin - changelog program 
- cl5GetOperationCount: found DB object 7f462249add0
------

I have played with this for 2 weeks setting up every single possible 
change in DS related to Users, Groups, but I cannot understand why 
389-DS does not feel able of getting the data out of AD?
I do not have a good error log showing a successful data import which 
I can compare with, so I do not know how to expect that.
To me looks like Windows is simply dropping the connection, but from a 
Windows perspective it seems ok as the User validates all right . At 
this stage I do not know what else to look at?

Any tips please?

Many thanks!

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users