https://fedorahosted.org/389/ticket/415 https://fedorahosted.org/389/attachment/ticket/415/0001-Ticket-415-winsync-doesn-t-sync-DN-valued-attributes.patch Bug description: 2 case were fixed. 1) A group on AD has a member which is not a target of windows sync and exists only on AD. The member value in the group is synchronized to DS. If an operation is executed on AD so that the member is replaced with other members which are the target of the windows sync, the new member values are not synchronized. 2) If a group on AD and DS have members which are local and are not synchronized and the members are removed in the group on the other side, the delete operation is synchronized and deletes all the members including the local members. Fix description: 1) In windows_generate_update_mods, even if a sync'ed member value in a DS entry is not the target of windows sync and it is does not exist on DS, a following modify operation including the member value is proceeded by confirming the existence on AD. 2) AD->DS: in windows_map_mods_for_replay DS->AD: in windwos_generate_update_mods added the code to check if an attribute is completely deleted on one side, then the each value on the other side is in the sync scope or not. Put the value to the mod for the delete only if the value is in the sync scope. -- 389-devel mailing list 389-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-devel
