Hi guys,
Just update for this issue.
Finally, I create multi windows sync agreement for each OU to sync the user account.
like this:
DS Host: 389ds:389Windows Host: dc01.example.com:389DS Subtree: ou=ou1,ou=Users,dc=example,dc=comWindows Subtree: OU=Accounts, DC=example,DC=comReplicated subtree: dc=example,dc=com
DS Host: 389ds:389Windows Host: dc01.example.com:389DS Subtree: ou=ou2,ou=Users,dc=example,dc=comWindows Subtree: OU=Accounts, DC=example,DC=comReplicated subtree: dc=example,dc=com
So the user account sync is done.
For password sync, now I can't sync user's password with an " Initiate full Re-syncronization". I must reset all users one-by-one on AD server to sync the password. This is not convenient.
Do you have any advice?
This is the log info:
[21/Aug/2019:08:56:57.876105371 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Beginning total update of replica "agmt="cn=chuxun" (tc-dc-2:389)".[21/Aug/2019:08:56:58.546297794 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_process_total_add - agmt="cn=chuxun" (tc-dc-2:389) - Cannot replay add operation.[21/Aug/2019:08:56:58.575112136 +0800] - ERR - NSMMReplicationPlugin - windows sync - bind_and_check_pwp - agmt="cn=chuxun" (tc-dc-2:389): Replication bind with SIMPLE auth resumed[21/Aug/2019:08:56:58.577280706 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=chuxun" (tc-dc-2:389): Replica has no update vector. It has never been initialized.[21/Aug/2019:08:56:58.579569199 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=chuxun" (tc-dc-2:389): Replica has no update vector. It has never been initialized.[21/Aug/2019:08:56:59.581808252 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=wangxun" (tc-dc-2:389): Replica has no update vector. It has never been initialized.
Sincerely,
--
DaV
On Tue, Aug 20, 2019, at 09:28, DaV wrote:
Hi all,I'm using a new 389 directory server on CentOS 7.6 with 389-ds-base.x86_64 (1.3.8.4-15.el7), and I want to sync user and password from Windows 2016 to 389ds one way.The Synchronization Agreement like this:DS Host: 389ds:389Windows Host: dc01.example.com:389DS Subtree: ou=Users,dc=example,dc=comWindows Subtree: OU=Accounts, DC=example,DC=comReplicated subtree: dc=example,dc=comHere is my question:The sync agreement can only sync top-level OU=Accounts, DC=example, DC=com from Win2016 to 389ds server.In fact, I haveou=ou1,ou=accounts,dc=example,dc=comou=ou2,ou=accounts,dc=example,dc=comon Win2016 server.I want the sync agreement can sync not only the top-level but also the child ou.This is the error log for your reference. Thanks![20/Aug/2019:07:58:40.307031692 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Beginning total update of replica "agmt="cn=389ds" (tc-dc-2:389)".[20/Aug/2019:07:58:40.309113230 +0800] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests[20/Aug/2019:08:34:21.730939271 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=389ds" (tc-dc-2:389): Replica has no update vector. It has never been initialized.[20/Aug/2019:08:34:21.733526550 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=389ds" (tc-dc-2:389): Replica has no update vector. It has never been initialized.[20/Aug/2019:08:34:24.735819391 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=389ds" (tc-dc-2:389): Replica has no update vector. It has never been initialized.[20/Aug/2019:08:34:27.738228528 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=389ds" (tc-dc-2:389): Replica has no update vector. It has never been initialized.[20/Aug/2019:08:34:30.873896680 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Beginning total update of replica "agmt="cn=389ds" (tc-dc-2:389)".[20/Aug/2019:08:34:33.170822223 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Finished total update of replica "agmt="cn=389ds" (tc-dc-2:389)". Sent 5 entries.[20/Aug/2019:08:34:33.186359842 +0800] - ERR - NSMMReplicationPlugin - windows sync - bind_and_check_pwp - agmt="cn=389ds" (tc-dc-2:389): Replication bind with SIMPLE auth resumed[20/Aug/2019:08:47:30.032935119 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Beginning total update of replica "agmt="cn=389ds" (tc-dc-2:389)".[20/Aug/2019:08:47:31.035850854 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Finished total update of replica "agmt="cn=389ds" (tc-dc-2:389)". Sent 5 entries.[20/Aug/2019:08:47:31.051614890 +0800] - ERR - NSMMReplicationPlugin - windows sync - bind_and_check_pwp - agmt="cn=389ds" (tc-dc-2:389): Replication bind with SIMPLE auth resumed[20/Aug/2019:08:50:59.533268105 +0800] - WARN - NSMMReplicationPlugin - prot_stop - Incremental protocol for replica "agmt="cn=389ds" (tc-dc-2:389)" did not shut down properly.[20/Aug/2019:09:01:00.155477769 +0800] - WARN - NSMMReplicationPlugin - prot_stop - Total protocol for replica "agmt="cn=389ds" (tc-dc-2:389)" did not shut down properly.Sincerely,--DaV
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
