Daniel Shackelford wrote:
I am using FDS 1.0.1, syncing with AD. User sync works just fine. I
have a separate sync agreement for groups, but membership does not
seem to be synced...
I do get errors that look like this:
[09/Jan/2006:15:43:58 -0500] NSMMReplicationPlugin -
agmt="cn=ADGroupSYnc" (bsod:636): windows_replay_update: failed to
fetch local entry for modify operation
dn="uid=teststudent,ou=students,ou=people,dc=arbor,dc=edu"
And some like this:
[09/Jan/2006:15:40:45 -0500] - slapi_modify_internal_set_pb: NULL
parameter
[09/Jan/2006:15:40:45 -0500] - allow_operation: component identity is
NULL
And a couple of these:
[09/Jan/2006:15:40:41 -0500] - Entry
"cn=testgroup,ou=portal,ou=uGroups, dc=arbor,dc=edu" -- attribute
"mail" not allowed
[09/Jan/2006:15:40:41 -0500] NSMMReplicationPlugin -
windows_update_local_entry: failed to modify entry
cn=testgroup,ou=portal,ou=uGroups, dc=arbor, dc=edu
Any insight?
Hmm...yes. Unfortunately when I said earlier that this two agreement
scheme would work, I was smoking crack.
I forgot that we have a check on the group members : we don't sync
members that are not also
subject to the sync agreement. It has no way to know that you have those
members sync'ed
with another agreement, and hence assumed that they're not sync'ed. This
will mean that it will
refuse to sync any group content.
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
