Rich,

The version of 389-ds-base is 1.3.3.10-1.fc22.x89-64 and it’s the same behavior running the agreement against AD 2003 or AD 2012.

By “two pairs” I mean to indicate that I have two winsyncsubtree pair attributes; i.e.

ou=people,dc=example,dc=org:cn=Users,dc=ad,dc=example,dc=org
and
ou=people,dc=example,dc=org:ou=administrators,dc=ad,dc=example,dc=org

I can either modify the sync agreement using ldapmodify or from the GUI with “Initialize Full Re-synchronization”, and as soon as I hit enter after adding another winsyncsubtreepair value the server can’t be contacted and must be restarted.

By “in-scope”, I mean to say that I cannot use a single Windows subtree in the agreement; i.e. cn=Users,dc=ad,dc=example,dc=org.

Does that add clarity?

Mark L. Boyce
Senior Identity Management Analyst
University of California, Office of the President

From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Rich Megginson

On 07/07/2015 10:07 AM, Mark Boyce wrote:
and run a full sync successfully. Upon subsequent attempt to add another pair the dirsrv abends (nothing in the logs) and the modify operation fails (either via CLI or GUI). This is critical to our org as the AD structure doesn’t lend itself to a single “in-scope” OU…
Thanks,
m.

Mark L. Boyce
Senior Identity Management Analyst
University of California, Office of the President
415 20th Street
Oakland, CA 94612
Office: 510.987.9681
Cell: 209.851.0196
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users