I have a question about the Windows sync agreement. Here’s the scenario:
two Windows DCs and two 389-ds servers as below.
Question 1: Can I set up a one-way winsync, i.e. from Windows to LDAP? I have tried it and it was like hit or miss. I did this by not giving the “write” permissions to AD for “CN=Sync Manager”. Is this a valid way of syncing one way? I have error messages “Replica has no update vector. It has never been initialized”. I did a full resynchronization and it went well without errors. But I am not seeing any entry updates.
Question 2: If I have Windows sync on both the 389-ds servers syncing to a different DC, does it cause any loop or issues? The problem I am facing is that I have different OUs in AD like ou=Marketing, ou=Finance, ou=Customers and only one “ou=People” in 389-ds.
I want only one-way sync. AD-->389-ds
Topology I am trying to make work. Please share your comments.
|--------|                      |--------|
|  DC-1  | <---replication----> |  DC-2  |
|--------|                      |--------|
    |                               |
 winsync                         Winsync
    |                               |
|---------|                      |---------|
|  389-1  | <---replication----> |  389-2  |
|---------|                      |---------|
Thanks,
Prashanth
--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users