William,
I do nothing hehehehe, what I mean that I just ignore the errors :)
Here's my agreement:
dn: cn=AD - GTI-DF-DC01,cn=replica,cn=dc\3Dmy\2Cdc\3Ddomain,cn=mapping tree,cn=config
objectClass: top
objectClass: nsDSWindowsReplicationAgreement
description: Sync with AD gti-df-dc01
cn: AD - GTI-DF-DC01
nsds7WindowsReplicaSubtree: dc=my,dc=domain
nsds7DirectoryReplicaSubtree: dc=my,dc=domain
nsds7NewWinUserSyncEnabled: on
nsds7NewWinGroupSyncEnabled: on
nsds7WindowsDomain: gti-df-dc01.my.domain
nsDS5ReplicaRoot: dc=my,dc=domain
nsDS5ReplicaHost: gti-df-dc01.my.domain
nsDS5ReplicaPort: 636
nsDS5ReplicaBindDN: CN=replication login,OU=APLICACOES
,DC=my,DC=domain
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindMethod: SIMPLE
nsds50ruv: {replicageneration} 54106892000008350000
nsds50ruv: {replica 2101 ldap://idc-ldap-srv01.my.domain:389} 541069a000000835000 0 58dd9091000108350000
nsds50ruv: {replica 2201 ldap://rj-ldap-srv01.my.domain:389} 54107a76000008990000 58db0935000008990000
nsruvReplicaLastModified: {replica 2101 ldap://idc-ldap-srv01.my.domain:389} 58dd36d7
nsruvReplicaLastModified: {replica 2201 ldap://rj-ldap-srv01.my.domain:389} 00000000
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20170602125552Z
nsds5replicaLastUpdateEnd: 20170602125553Z
nsds5replicaChangesSentSinceStartup:: MjEwMToyNDE0LzIyNCAyMjAxOjM5My8yIA==
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
ate succeeded
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 0
nsds5replicaLastInitEnd: 0
On Thu, Jun 1, 2017 at 8:35 PM, William Brown <wibrown@xxxxxxxxxx> wrote:
On Thu, 2017-06-01 at 10:48 -0300, Alberto Viana wrote:
> I have been using 389 for a while and so far my replication strategy is:
>
> 389 <=> AD
> Replicating whole domain
>
> dc=my,dc=domain
> - OU=user
> -user1
> -user2
> - OU=people
> -user1
> -user2
> - OU=apps
> -user1
> -user2
> - OU=externos
> -user1
> -user2
> ...
>
> But this specific "OU=externos" does not exists on AD side (and I need to
> keep this).
How are you "keeping" this out of the replication? Can you show us your
agreement?
>
>
> My version in production is:
> 389-Directory/1.3.2.19 B2014.201.1231
>
> And I have no problem on this scenario.
>
>
> I'm testing newer versions of 389 (to update my production version) and I
> realized, maybe, that's not the better strategy. Why? Because 389 fails to
> start the full replication when the OU just exists on 389 side (
> https://pagure.io/389-ds-base/issue/48841 ).
>
> So, can you give a clue what should I do when I need a specific OU to be
> outside of my replication?
>
I need to see your config first I htink to comment :)
--
Sincerely,
William Brown
Software Engineer
Red Hat, Australia/Brisbane
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx