Re: Windows Sync Agreement not copying all objects

[Mark Reynolds <mreynolds@xxxxxxxxxx>]

On 7/2/19 9:33 PM, William Brown wrote:
> > On 3 Jul 2019, at 02:16, Mark Reynolds <mreynolds@xxxxxxxxxx> wrote:
> >
> >
> >
> > On 7/2/19 12:09 PM, Abhisheyk Deb wrote:
> > > Hi,
> > >
> > > It turns out it was mistake from our end, we were checking too early before the actual replication was done completely. Now that works properly.
> > >
> > > The direction of replication is from AD -> 389 DS
> > >
> > > But now we have a new requirement which is to copy from multiple Source Subtree from Windows to Linux.
> > >
> > > To get both subtrees I used the winSyncSubtreePair multivalued attribute.
> > >
> > > This is the replication agreement we have right now
> > >
> > > dn: cn=UsersSyncAgreement,cn=replica,cn=dc\=example\,dc\=com\,cn=mapping tree,cn=config
> > > changetype: add
> > > objectclass: top
> > > objectclass: nsDSWindowsReplicationAgreement
> > > cn: UsersSyncAgreement
> > > winSyncSubtreePair: cn=Users,dc=adexample,dc=com:ou=userandgroups,dc=example,dc=com
> > > winSyncSubtreePair: ou=ItalyGroups,dc=adexample,dc=com:ou=userandgroups,dc=example,dc=com
> > > nsds7NewWinUserSyncEnabled: on
> > > nsds7NewWinGroupSyncEnabled: on
> > > nsds7WindowsDomain: adexample.com
> > > nsDS5ReplicaRoot: dc=example,dc=com
> > > nsDS5ReplicaHost: adexample.com
> > > nsDS5ReplicaPort: 389
> > > nsDS5ReplicaTransportInfo: LDAP
> > > nsDS5ReplicaBindDN: cn=replication user,cn=Users,dc=adexample,dc=com
> > > nsDS5ReplicaBindMethod: SIMPLE
> > > nsDS5ReplicaCredentials: secret
> > > winSyncInterval: 1200
> > >
> > > We want to copy both subtrees  cn=Users  and ou=ItalyGroups from the AD to 389 DS subtree ou=userandgroups,dc=example,dc=com.
> > >
> > > Once the 389 Directory Server is installed, and this replication agreement is configured, I am able to access the 389 DS.
> > >
> > > But once I initialize this replication agreement using the following
> > >
> > > dn: cn=UsersSyncAgreement,cn=replica,cn=dc\=example\,dc\=com\,cn=mapping tree,cn=config
> > > changetype: modify
> > > replace: nsds5BeginReplicaRefresh
> > > nsds5BeginReplicaRefresh: start
> > >
> > > The dirsrv service crashes.
> >
> > The server should not crash, can you please get a stack trace:
> >
> > https://www.port389.org/docs/389ds/FAQ/faq.html#debugging-crashes
> >
> >
> > > Can you help me with this problem, Am I configuring something wrong in the above replication agreement?
> > What if you remove the second winSyncSubtreePair attribute?  I'm not 100% sure using more than one winSyncSubtreePair attribute works anyway (I need to investigate that)...
> >
> > But if you don't mind please get a stack trace so we can at least fix the crash.
> Hey there (looking mainly at Mark here), do we have build instructions for winsync code, and a how-to? I'm sure we do, but I'm curious to set this up at home now to see how it works ...

You mean passSync?

http://www.port389.org/docs/389ds/development/buildingpasssync.html

Winsync is built into the replication code, so the admin guide has 
everything you need to know about its usage.

Mark

> Thanks mate!
>
>
> > Thanks,
> >
> > Mark
> >
> > > Thank you
> > > Abhishek Deb
> > >
> > >
> > > On Sun, Jun 30, 2019 at 9:24 PM William Brown <wbrown@xxxxxxx> wrote:
> > >
> > >
> > > > On 25 Jun 2019, at 05:09, Abhisheyk Deb <abhisheykdeb@xxxxxxxxx> wrote:
> > > >
> > > > Hi,
> > > >
> > > > We have the following setup.
> > > >
> > > > Active Directory Server in US.
> > > > 389 DS Server in Italy.
> > > >
> > > > We are able to access the Active Directory Server from 389 DS.
> > > > We installed the sync agreement. No body is touching the AD, the number of objects that should copied is 21. But every time we are running the replication agreement, the number of objects being copied is always different. How can that be if there is no change happening at the AD Server.
> > > >
> > > > Is the replication done over UDP or TCP.
> > > >
> > > > Also is it because of distance and delay that is causing the synchronization issues.
> > > >
> > > > If some can elaborate in this issue, it would be really helpful.
> > > Sorry for the very late reply,
> > >
> > > Replication like this, can be partial - it may not send all objects or structures, just ones defined in the agreement.
> > >
> > > I think we'll need to see your winsync agreement from cn=config to know more, and to see what kind of objects are being sent, and what is not.
> > >
> > > Is it objects from 389 to AD or in the other direction that are/are not being synced?
> > >
> > > Thanks,
> > >
> > > > Thank you
> > > > Abhishek Deb
> > > > _______________________________________________
> > > > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> > > > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> > > > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > > > List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
> > > —
> > > Sincerely,
> > >
> > > William Brown
> > >
> > > Senior Software Engineer, 389 Directory Server
> > > SUSE Labs
> > > _______________________________________________
> > > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> > > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> > > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > > List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
> > >
> > >
> > > _______________________________________________
> > > 389-users mailing list --
> > > 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> > >
> > > To unsubscribe send an email to
> > > 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> > >
> > > Fedora Code of Conduct:
> > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > >
> > > List Guidelines:
> > > https://fedoraproject.org/wiki/Mailing_list_guidelines
> > >
> > > List Archives:
> > > https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
> > --
> >
> > 389 Directory Server Development Team
> >
> > _______________________________________________
> > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
> —
> Sincerely,
>
> William Brown
>
> Senior Software Engineer, 389 Directory Server
> SUSE Labs
> _______________________________________________
> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx

--

389 Directory Server Development Team
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx