Hi guys!
I need to do the subj operation, without SSL and syncpass, and it seems that I do everything according to https://access.redhat.com/documentation/en-us/red_hat_directory_server/9.0/html/administration_guide/windows_sync-configuring_windows_sync
but no luck yet :(
Maybe someone has such experience? Is this possible at all?
error.log from DS with debug mode turned on:
=========
[07/Jul/2017:14:45:46.205742598 +0300] NSMMReplicationPlugin - windows sync - Running Dirsync
[07/Jul/2017:14:45:46.307205965 +0300] NSMMReplicationPlugin - windows sync - agmt="cn=From-ad" (ad01-sklk:389): State: wait_for_changes -> wait_for_changes
[07/Jul/2017:14:45:46.332118308 +0300] NSMMReplicationPlugin - windows sync - agmt="cn=From-ad" (ad01-sklk:389): State: wait_for_changes -> ready_to_acquire_replica
[07/Jul/2017:14:45:46.357281411 +0300] acquire_replica, supplier RUV:
[07/Jul/2017:14:45:46.382317390 +0300] NSMMReplicationPlugin - supplier: {replicageneration} 595a5d92000000010000
[07/Jul/2017:14:45:46.407471865 +0300] acquire_replica, consumer RUV:
[07/Jul/2017:14:45:46.524295603 +0300] NSMMReplicationPlugin - consumer: {replicageneration} 595a5d92000000010000
[07/Jul/2017:14:45:46.551039635 +0300] NSMMReplicationPlugin - windows sync - agmt="cn=From-ad" (ad01-sklk:389): Trying non-secure slapi_ldap_init_ext
[07/Jul/2017:14:45:46.568052882 +0300] NSMMReplicationPlugin - windows sync - agmt="cn=From-ad" (ad01-sklk:389): binddn = cn=robot-cauth,ou=techusers,dc=**,dc=****,dc=***, passwd = *********
[07/Jul/2017:14:45:46.591223907 +0300] windows_conn_connect : detected Win2k3 or later peer
[07/Jul/2017:14:45:46.609678106 +0300] NSMMReplicationPlugin - windows sync - agmt="cn=From-ad" (ad01-sklk:389): No linger to cancel on the connection
[07/Jul/2017:14:45:46.626666798 +0300] _csngen_adjust_local_time: gen state before 595f733f0002:1499427647:0:0
[07/Jul/2017:14:45:46.643179966 +0300] _csngen_adjust_local_time: gen state after 595f746a0000:1499427946:0:0
[07/Jul/2017:14:45:46.659915068 +0300] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101)
[07/Jul/2017:14:45:46.676553114 +0300] NSMMReplicationPlugin - windows sync - agmt="cn=From-ad" (ad01-sklk:389): State: ready_to_acquire_replica -> sending_updates
[07/Jul/2017:14:45:46.790456360 +0300] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-ds/changelogdb/229c6c82-600111e7-8cfc9a96-210bea69_595a5d92000000010000.db
[07/Jul/2017:14:45:46.976986924 +0300] NSMMReplicationPlugin - changelog program - cl5CreateReplayIteratorEx: could not find DB object for replica
[07/Jul/2017:14:45:47.002210180 +0300] NSMMReplicationPlugin - windows sync - agmt="cn=From-ad" (ad01-sklk:389): No changes to send
[07/Jul/2017:14:45:47.019263819 +0300] Calling dirsync search request plugin
[07/Jul/2017:14:45:47.088348158 +0300] Sending dirsync search request
[07/Jul/2017:14:45:47.163592499 +0300] NSMMReplicationPlugin - windows sync - agmt="cn=From-ad" (ad01-sklk:389): Beginning linger on the connection
[07/Jul/2017:14:45:47.227723975 +0300] NSMMReplicationPlugin - windows sync - agmt="cn=From-ad" (ad01-sklk:389): State: sending_updates -> wait_for_changes
[07/Jul/2017:14:46:47.229642395 +0300] NSMMReplicationPlugin - windows sync - agmt="cn=From-ad" (ad01-sklk:389): Linger timeout has expired on the connection
[07/Jul/2017:14:46:47.315570281 +0300] NSMMReplicationPlugin - windows sync - agmt="cn=From-ad" (ad01-sklk:389): Disconnected from the consumer
=========
And here is the Replica Agreement:
===========
dn: cn=From-ad,cn=replica,cn=dc\3D**\2Cdc\3D****\2Cdc\3Dnet,cn=mapping tree,cn=config
objectClass: top
objectClass: nsDSWindowsReplicationAgreement
description: uni-direct sync from AD
cn: From-ad
nsds7WindowsReplicaSubtree: cn=users,dc=**,dc=*****,dc=**
nsds7DirectoryReplicaSubtree: cn=users,dc=**,dc=****,dc=**
nsds7NewWinUserSyncEnabled: on
nsds7NewWinGroupSyncEnabled: on
nsds7WindowsDomain: **.*****.**
nsDS5ReplicaRoot: dc=**,dc=****,dc=***
nsDS5ReplicaHost: ad01-sklk....
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=robot-cauth,ou=techusers,dc=**,dc=****,dc=***
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaCredentials: ******************
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=config
createTimestamp: 20170703152542Z
modifyTimestamp: 20170707115048Z
oneWaySync: fromWindows
nsds50ruv: {replicageneration} 595a5d92000000010000
================
It seems like DS is trying to push changes to AD (why?! I've added the onewaysync 'fromwindows' attr to the agreement), but doesn't even try to pull the AD tree from it...
I really need advice on this, there is nothing useful from Google.
--
Best regards, Andrew.
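
A way to reduce a windows sync debug log like the one in this message to its state transitions and its security-relevant lines, as an added example (not part of the original post and not 389 Directory Server code). The function name `summarize` and the finding labels are assumptions; the sample lines are copied from the log quoted above.

```python
import re

# Sample input: lines copied from the error log quoted in the message above.
SAMPLE_LOG = """\
[07/Jul/2017:14:45:46.307205965 +0300] NSMMReplicationPlugin - windows sync - agmt="cn=From-ad" (ad01-sklk:389): State: wait_for_changes -> wait_for_changes
[07/Jul/2017:14:45:46.332118308 +0300] NSMMReplicationPlugin - windows sync - agmt="cn=From-ad" (ad01-sklk:389): State: wait_for_changes -> ready_to_acquire_replica
[07/Jul/2017:14:45:46.551039635 +0300] NSMMReplicationPlugin - windows sync - agmt="cn=From-ad" (ad01-sklk:389): Trying non-secure slapi_ldap_init_ext
[07/Jul/2017:14:45:46.568052882 +0300] NSMMReplicationPlugin - windows sync - agmt="cn=From-ad" (ad01-sklk:389): binddn = cn=robot-cauth,ou=techusers,dc=**,dc=****,dc=***, passwd = *********
[07/Jul/2017:14:45:46.676553114 +0300] NSMMReplicationPlugin - windows sync - agmt="cn=From-ad" (ad01-sklk:389): State: ready_to_acquire_replica -> sending_updates
[07/Jul/2017:14:45:47.002210180 +0300] NSMMReplicationPlugin - windows sync - agmt="cn=From-ad" (ad01-sklk:389): No changes to send
[07/Jul/2017:14:45:47.088348158 +0300] Sending dirsync search request
[07/Jul/2017:14:45:47.227723975 +0300] NSMMReplicationPlugin - windows sync - agmt="cn=From-ad" (ad01-sklk:389): State: sending_updates -> wait_for_changes
"""

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+(?P<msg>.*)$')
AGMT = re.compile(r'agmt="(?P<agmt>[^"]+)" \((?P<host>[^:)]+):(?P<port>\d+)\): (?P<text>.*)$')
STATE = re.compile(r'State: (\S+) -> (\S+)')

def summarize(log):
    """Return state transitions, DirSync activity and findings for a log excerpt."""
    out = {"transitions": [], "findings": [], "dirsync_sent": False}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a timestamped error-log line
        msg = m.group("msg")
        if "Sending dirsync search request" in msg:
            out["dirsync_sent"] = True  # this line carries no agmt= prefix
        a = AGMT.search(msg)
        if not a:
            continue
        text, agmt, port = a.group("text"), a.group("agmt"), int(a.group("port"))
        s = STATE.match(text)
        if s and s.group(1) != s.group(2):  # drop "X -> X" no-op transitions
            out["transitions"].append((s.group(1), s.group(2)))
        if "Trying non-secure" in text:
            out["findings"].append(("cleartext-connection", agmt, port))
        if "binddn =" in text and "passwd =" in text:
            # The debug line records the bind DN and a passwd field.
            out["findings"].append(("bind-line-logged", agmt, port))
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The `cleartext-connection` finding corresponds to the agreement's `nsDS5ReplicaBindMethod: SIMPLE` on port 389: the bind DN and password cross the network unencrypted.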