Re: Windows Sync Agreement issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


> On 21 Aug 2019, at 22:10, DaV <snowfrs@xxxxxxxxx> wrote:
> 
> Hi guys,
> Just update for this issue.
> 
> Finally, I create multi windows sync agreement for each OU to sync the user account.
> like this:
> 
>> DS Host: 389ds:389
>> Windows Host: dc01.example.com:389
>> DS Subtree: ou=ou1,ou=Users,dc=example,dc=com
>> Windows Subtree: OU=Accounts, DC=example,DC=com
>> Replicated subtree: dc=example,dc=com
> 
>> DS Host: 389ds:389
>> Windows Host: dc01.example.com:389
>> DS Subtree: ou=ou2,ou=Users,dc=example,dc=com
>> Windows Subtree: OU=Accounts, DC=example,DC=com
>> Replicated subtree: dc=example,dc=com
> So the user account sync is done.
> 
> For password sync, now I can't sync user's password with an " Initiate full Re-syncronization".  I must reset all users one-by-one on AD server to sync the password.  This is not convenient.
> 
> Do you have any advice? 
> 

I think Mark is the person who knows the most about this. I agree your solution isn't really optimal here so I totally get you wanting to improve this. My concern is moving an account from ou1 to ou2 and how that would work (or break).




> 
> This is the log info:
>> [21/Aug/2019:08:56:57.876105371 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Beginning total update of replica "agmt="cn=chuxun" (tc-dc-2:389)".
>> [21/Aug/2019:08:56:58.546297794 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_process_total_add - agmt="cn=chuxun" (tc-dc-2:389) - Cannot replay add operation.
>> [21/Aug/2019:08:56:58.575112136 +0800] - ERR - NSMMReplicationPlugin - windows sync - bind_and_check_pwp - agmt="cn=chuxun" (tc-dc-2:389): Replication bind with SIMPLE auth resumed
>> [21/Aug/2019:08:56:58.577280706 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=chuxun" (tc-dc-2:389): Replica has no update vector. It has never been initialized.
>> [21/Aug/2019:08:56:58.579569199 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=chuxun" (tc-dc-2:389): Replica has no update vector. It has never been initialized.
>> [21/Aug/2019:08:56:59.581808252 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=wangxun" (tc-dc-2:389): Replica has no update vector. It has never been initialized.
> 
> Sincerely,
> --
> DaV
>  
> 
> 
> 
> On Tue, Aug 20, 2019, at 09:28, DaV wrote:
>> Hi all,
>> I'm using a new 389 directory server on CentOS 7.6 with 389-ds-base.x86_64 (1.3.8.4-15.el7), and I want to sync user and password from Windows 2016 to 389ds one way.
>> The Synchronization Agreement like this:
>> DS Host: 389ds:389
>> Windows Host: dc01.example.com:389
>> DS Subtree: ou=Users,dc=example,dc=com
>> Windows Subtree: OU=Accounts, DC=example,DC=com
>> Replicated subtree: dc=example,dc=com
>> 
>> Here is my question:
>> The sync agreement can only sync top-level OU=Accounts, DC=example, DC=com from Win2016 to 389ds server.
>> In fact, I have 
>> ou=ou1,ou=accounts,dc=example,dc=com
>> ou=ou2,ou=accounts,dc=example,dc=com
>> on Win2016 server.
>> I want the sync agreement can sync not only the top-level but also the child ou.
>> 
>> This is the error log for your reference. Thanks!
>>> [20/Aug/2019:07:58:40.307031692 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Beginning total update of replica "agmt="cn=389ds" (tc-dc-2:389)".
>>> [20/Aug/2019:07:58:40.309113230 +0800] - INFO - slapd_daemon - slapd started.  Listening on All Interfaces port 389 for LDAP requests
>>> [20/Aug/2019:08:34:21.730939271 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=389ds" (tc-dc-2:389): Replica has no update vector. It has never been initialized.
>>> [20/Aug/2019:08:34:21.733526550 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=389ds" (tc-dc-2:389): Replica has no update vector. It has never been initialized.
>>> [20/Aug/2019:08:34:24.735819391 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=389ds" (tc-dc-2:389): Replica has no update vector. It has never been initialized.
>>> [20/Aug/2019:08:34:27.738228528 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=389ds" (tc-dc-2:389): Replica has no update vector. It has never been initialized.
>>> [20/Aug/2019:08:34:30.873896680 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Beginning total update of replica "agmt="cn=389ds" (tc-dc-2:389)".
>>> [20/Aug/2019:08:34:33.170822223 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Finished total update of replica "agmt="cn=389ds" (tc-dc-2:389)". Sent 5 entries.
>>> [20/Aug/2019:08:34:33.186359842 +0800] - ERR - NSMMReplicationPlugin - windows sync - bind_and_check_pwp - agmt="cn=389ds" (tc-dc-2:389): Replication bind with SIMPLE auth resumed
>>> [20/Aug/2019:08:47:30.032935119 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Beginning total update of replica "agmt="cn=389ds" (tc-dc-2:389)".
>>> [20/Aug/2019:08:47:31.035850854 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Finished total update of replica "agmt="cn=389ds" (tc-dc-2:389)". Sent 5 entries.
>>> [20/Aug/2019:08:47:31.051614890 +0800] - ERR - NSMMReplicationPlugin - windows sync - bind_and_check_pwp - agmt="cn=389ds" (tc-dc-2:389): Replication bind with SIMPLE auth resumed
>>> [20/Aug/2019:08:50:59.533268105 +0800] - WARN - NSMMReplicationPlugin - prot_stop - Incremental protocol for replica "agmt="cn=389ds" (tc-dc-2:389)" did not shut down properly.
>>> [20/Aug/2019:09:01:00.155477769 +0800] - WARN - NSMMReplicationPlugin - prot_stop - Total protocol for replica "agmt="cn=389ds" (tc-dc-2:389)" did not shut down properly.
>> 
>> 
>> Sincerely,
>> --
>> DaV
>>  
>> 
>> 
> 
> _______________________________________________
> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx

—
Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux