----- "Jean-Noel Chardron" <Jean-Noel.Chardron@xxxxxxxxxxxx> wrote: > Richard Megginson a écrit : > > ----- "jean-Noël Chardron" <Jean-Noel.Chardron@xxxxxxxxxxxx> wrote: > > > > > >> hello, > >> > >> When I initiate a first full synchronization of DS and AD I lost > >> members > >> in groups > >> > >> error log shows : > >> > >> [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_inbound: looking for local entry > matching > >> > >> AD entry [CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr] > >> [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_inbound: looking for local entry by > guid > >> > >> [c0e73a492ffbc04c9e85781a68f45023] > >> [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1 > >> [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_inbound: looking for local entry by > uid > >> [SFC] > >> [...] > >> [10/Jun/2009:15:00:11 +0200] - Windows sync entry: Adding new local > > >> entry dn: cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr > >> objectClass: top > >> objectClass: groupofuniquenames > >> objectClass: ntGroup > >> ntGroupDeleteGroup: true > >> cn: SFC > >> description: Service Financier et Comptable > >> uniqueMember: uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, > >> dc=cnrs, dc= > >> fr > >> uniqueMember:[...] > >> follow 10 members > >> > >> [...] > >> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - received > entry > >> from > >> dirsync: CN=MX,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr > >> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_inbound: looking for local entry > matching > >> > >> AD entry > [CN=MX,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr] > >> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_inbound: looking for local entry by > guid > >> > >> [0cdf6e627d64684cb10c70b3b8753fda] > >> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1 > >> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_inbound: looking for local entry by > uid > >> [MX] > >> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_inbound: problem looking for > username: > >> -1 > >> [10/Jun/2009:15:00:24 +0200] - Windows sync entry: Adding new local > > >> entry dn: uid=MX,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, > >> dc=fr > >> objectClass: top > >> objectClass: person > >> objectClass: organizationalperson > >> objectClass: inetOrgPerson > >> objectClass: ntUser > >> ntUserDeleteAccount: true > >> uid: MX > >> sn: MX > >> givenName: Guillaume > >> cn: MX > >> ntUserCodePage: 0 > >> ntUserAcctExpires: 0 > >> ntUserDomainId: MX > >> mail: Guillaume.MX@xxxxxxxxxxxx > >> ntUniqueId: 0cdf6e627d64684cb10c70b3b8753fda > >> > >> > >> [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): windows_process_total_entry: Looking > >> dn="cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" > (ours) > >> [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS > > >> dn="cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" > >> guid="c0e73a492ffbc04c9e85781a68f45023" > >> [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS > > >> dn="cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" > >> username="SFC" > >> [10/Jun/2009:15:01:34 +0200] - Calling windows entry search > request > >> plugin > >> [10/Jun/2009:15:01:34 +0200] - windows_search_entry: recieved 2 > >> messages, 1 entries, 0 references > >> [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_outbound: found AD entry > >> dn="CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr" > >> [10/Jun/2009:15:01:34 +0200] - Calling windows entry search > request > >> plugin > >> [10/Jun/2009:15:01:34 +0200] - windows_search_entry: recieved 2 > >> messages, 1 entries, 0 references > >> [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - > >> windows_generate_update_mods: > >> CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr, description > : > >> values are equal > >> [10/Jun/2009:15:01:35 +0200] - map_dn_values: no local entry found > for > >> > >> uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr > >> [10/Jun/2009:15:01:35 +0200] - map_dn_values: no local entry found > for > >> uid= > >> > >> [follow 10 entries,] > >> > >> [10/Jun/2009:15:01:35 +0200] - Calling windows entry search > request > >> plugin > >> [10/Jun/2009:15:01:35 +0200] - windows_search_entry: recieved 2 > >> messages, 1 entries, 0 references > >> [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_inbound: looking for local entry > matching > >> > >> AD entry > >> [CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr] > >> [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_inbound: looking for local entry by > guid > >> > >> [72a7171ffaa0d84a9ca4ec2d90a4ab2b] > >> [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1 > >> [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_inbound: looking for local entry by > uid > >> [essaibug] > >> [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_inbound: problem looking for > username: > >> -1 > >> [10/Jun/2009:15:01:35 +0200] - Calling windows entry search > request > >> plugin > >> [10/Jun/2009:15:01:35 +0200] - windows_search_entry: recieved 2 > >> messages, 1 entries, 0 references > >> > >> [10/Jun/2009:15:01:38 +0200] NSMMReplicationPlugin - > >> windows_generate_update_mods: > >> CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr, > sAMAccountName > >> : > >> values are equal > >> [10/Jun/2009:15:01:38 +0200] - smod - windows sync > >> [10/Jun/2009:15:01:38 +0200] - smod 0 - delete: member > >> [10/Jun/2009:15:01:38 +0200] - smod 0 - value: member: > >> CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr > >> [10/Jun/2009:15:01:38 +0200] - smod 1 - delete: member > >> [10/Jun/2009:15:01:38 +0200] - smod 1 - value: member: > >> > >> [follow the 10 entries] > >> > >> [10/Jun/2009:15:01:39 +0200] NSMMReplicationPlugin - > >> windows_update_remote_entry: modifying entry > >> CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr > >> [10/Jun/2009:15:01:39 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): Received result code 0 () for modify operation > >> > >> [10/Jun/2009:15:01:55 +0200] - map_dn_values: no local entry found > for > >> > >> uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr > >> > >> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - received > entry > >> from > >> dirsync: > >> CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr > >> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_inbound: looking for local entry > matching > >> > >> AD entry > >> [CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr] > >> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_inbound: looking for local entry by > guid > >> > >> [72a7171ffaa0d84a9ca4ec2d90a4ab2b] > >> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1 > >> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_inbound: looking for local entry by > uid > >> [essaibug] > >> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_inbound: problem looking for > username: > >> -1 > >> [10/Jun/2009:15:05:52 +0200] - Windows sync entry: Adding new local > > >> entry dn: uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, > dc=cnrs, > >> dc=fr > >> objectClass: top > >> objectClass: person > >> objectClass: organizationalperson > >> objectClass: inetOrgPerson > >> objectClass: ntUser > >> ntUserDeleteAccount: true > >> uid: essaibug > >> sn: essaibug > >> cn: essaibug > >> ntUserCodePage: 0 > >> ntUserAcctExpires: 9223372036854775807 > >> ntUserDomainId: essaibug > >> ntUniqueId: 72a7171ffaa0d84a9ca4ec2d90a4ab2b > >> > >> [10/Jun/2009:15:07:13 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS > > >> dn="uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, > >> dc=fr" > >> guid="72a7171ffaa0d84a9ca4ec2d90a4ab2b" > >> [10/Jun/2009:15:07:13 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS > > >> dn="uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, > >> dc=fr" > >> username="essaibug" > >> [10/Jun/2009:15:07:13 +0200] - Calling windows entry search > request > >> plugin > >> [10/Jun/2009:15:07:13 +0200] - windows_search_entry: recieved 2 > >> messages, 1 entries, 0 references > >> [10/Jun/2009:15:07:13 +0200] NSMMReplicationPlugin - > >> agmt="cn=zebigbos" > >> (zebigbos:636): map_entry_dn_outbound: found AD entry > >> > dn="CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr" > >> > >> (following the translation of google) > >> I suppose that during the initialization of the replication, > groups > >> have > >> lost members (group sfc) with the logs in order explicit removal > of > >> the > >> member in the group, sent by the DS to AD. The most likely > explanation > >> > >> and that the process is sequential but with a dispatch from AD to > >> DS-anarchic, with a group can be created before members in DS > users. > >> these are leading to a later stage in a request for suppresssion AD > DS > >> > >> to members of the group that did not exist before the creation of > the > >> > >> group. This is "normal" since DS checks the consistency of > information > >> > >> and therefore the group members. The solution to this problem is to > > >> create manually in the AD to add the lost members in the group or > may > >> be > >> to initialize sync twice in a closed time. > >> > >> The administrator of the Windows server and the AD insulted me as a > > >> result of this blunder > >> I asked him if he had a backup of the AD. he had not > >> > >> > > > > So let me see if I understand what is happening: > > DS attempts to sync some groups from AD - since the user does not > exist, it deletes the member from the group. Then it syncs the group > back to AD, and deletes those users from AD. > > Is that correct? > > I suppose a workaround would be to make sure all of the users are > first added to DS, then sync the groups. > > > yes, that is correct. Ok. Please open a bug about this issue. Is there a way to make sure all of the users are synced first? > > >> -- > >> > >> Jean-Noel Chardron > >> > >> > >> -- > >> 389 users mailing list > >> 389-users@xxxxxxxxxx > >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > >> > > > > -- > > 389 users mailing list > > 389-users@xxxxxxxxxx > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > -- > 389 users mailing list > 389-users@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-directory-users -- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
