On 02/14/2011 02:09 AM, remy d1 wrote:
Hi,
Is there a timeout for Windows Sync ?
It uses the same one as regular replication
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#setting-replication-timeout-periods
Thanks
2011/2/9 Rich Megginson <rmeggins@xxxxxxxxxx>
On 02/09/2011 06:39 AM, remy d1 wrote:
Hi Rich,
I reinstalled all my server from scratch
and reimported all my data (with cert files).
If I try to synchronize my data, I can import users from
AD to 389-DS but I can't do the opposite. My 389 server
replica is always in status "in progress" with "replica
acquired successfully : incremental update started", but
it can't finish the synchronization job.
Sometimes you have to tell winsync to do a full resync a few
times before it finally works.
I could also continue to launch requests to my AD server
from my 389-DS server (ldapsearch...). I successfully
added a user to my AD with Apache Directory Studio
(installed on my 389-DS server) with the AD
synchronizing account. So, it's not an access problem.
Moreover I added a schema on my 389-DS for my directory
that is not present on my AD. Do you think I have to add
this schema to AD or is the synchronization done only on
AD required attributes ?
No. The schema that winsync uses is hard coded in 389 - you
cannot extend it or change it - it should work with AD, no
changes to AD should be required.
Or,
Is it a cert file problem on my AD ?
or ...?
Any idea would be appreciated
Regards-
2011/1/25 Rich Megginson <rmeggins@xxxxxxxxxx>
On 01/25/2011 01:29 AM, remy d1 wrote:
Hi Rich,
I tried to raise the log level, but when I
did it, I was not able to stop/restart my
dirsrv service.
What log level did you use? What error messages
did you see when you attempted to stop/restart
the service? Anything in the errors log?
To stop it, I must
kill the process and remove the pid file.
Then I could start it.
In my error logs, there is a lot of
information:
[root@KingKong ~]# tail /var/log/dirsrv/slapd-KingKong/errors
[24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica
[24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b28870000ffff0000.db4
[24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica
[24/Jan/2011:16:18:40 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b28870000ffff0000.db4
[24/Jan/2011:16:18:40 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica
[24/Jan/2011:16:18:41 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b28870000ffff0000.db4
[24/Jan/2011:16:18:41 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica
[24/Jan/2011:16:18:42 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b28870000ffff0000.db4
[24/Jan/2011:16:18:42 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica
[24/Jan/2011:16:24:18 +0100] NSMMReplicationPlugin - changelog program - cl5ExportLDIF: failed to locate changelog file for replica at (dc=mydomain,dc=com)
This problem is very similar to this post :
Although I have the last version of 389-DS.
Are you sure this is the correct post you wanted
to refer to? Because this is a patch commit for
a fix when moving the changelog directory - did
you move the changelog directory? Because you
did not mention it in your earlier post.
I think I also have some trouble
with my hostname because bind is not
configured. However, I have chosen to put
it in my /etc/hosts file
[root@KingKong ~]# nl /etc/host.conf
     1   multi on
     2   order hosts,bind
The hostname command replies with the full "fqdn" if I
choose the option --all-fqdn, contrary to
the option "--fqdn". The reply is just my
hostname without the domain. By the way, if
I say
Everything is now good for my hostname but I
cannot launch my 389-console. I think the
address to connect is not ok... I do not know
if this problem is linked to the previous
problems...
So, I do #hostname KingKong
Then, I launch the console again. Now, if I
try to initiate a full synchronization, I
can see (and I am still stuck on it) the
window "please wait while data is being
synchronized...", but nothing else... Data
are not synchronized and I do not see
anything in my Windows event viewer while
replica agreement seems to be ok and
PassSync service is installed...
It is very difficult to change your hostname
after you have configured the admin server and
console. I suggest starting over from scratch,
and first make sure your hostname is correct.
I also suggest using http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync
to configure Windows Sync.
Thanks for help,
-Regards
2011/1/21 Rich
Megginson <rmeggins@xxxxxxxxxx>
Date:
Fri, 21 Jan 2011 10:25:56 +0100
Hi Rich,
Thanks for this useful link.
I have successfully initiated
replica between Windows AD and my
server 389-DS. Ldapsearch is
working. But even if everything
seems to be ok, the update does
not work and I do not see any
error in the log files... So, my
AD server stays empty, the accounts
are not migrated...
Here you have my access log file
which is more verbose... ( mydomain.com
for the example) :
<snip>
Obviously I am
connecting to the server 389-DS
itself whereas it can resolve the
DNS name of my Windows server...
There is no error in the AD event
viewer while I could see errors on
it when it was misconfigured
(like DirSync errors)... So,
basically, the Windows server is
contacted to my DS-Server over 2
different networks.
Do you think I have to open the
ports described in my message ?
-Regards.
I don't know. There is no winsync
information in the access log. Note
that the access log records client
accesses to the directory server, and
in winsync, the directory server
itself acts as a client to AD, so
winsync will log nothing in the access
log. The errors log could be helpful,
and especially using the replication
log level (which is also used for
winsync logging). The Windows Event
Viewer is useless for winsync issues.
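
An added example, not part of the original thread: since winsync activity is recorded in the errors log rather than the access log, this sketch rejoins mail-wrapped errors-log entries and collapses repeated messages by subsystem and function. The sample lines are constructed in the layout quoted above, the instance name and .db4 file name are placeholders, and the function names `unwrap`, `parse` and `summarize` are hypothetical.

```python
import re

# Constructed sample in the errors-log layout quoted in the thread, including
# the mail-client line wrapping. Instance name and .db4 file are placeholders.
SAMPLE = """\
[24/Jan/2011:16:18:30 +0100]
NSMMReplicationPlugin - changelog program
- cl5GetOperationCount: could not get DB
object for replica
[24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-EXAMPLE/changelogdb/EXAMPLE.db4
[24/Jan/2011:16:18:40 +0100]
NSMMReplicationPlugin - changelog program
- cl5GetOperationCount: could not get DB
object for replica
"""

# A new entry begins with "[dd/Mon/yyyy:hh:mm:ss +zzzz]"; anything else is a continuation.
ENTRY_START = re.compile(r"^\[(\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]\s*(.*)$")

def unwrap(text):
    """Rejoin wrapped lines into (timestamp, message) entries."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_START.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif line and entries:
            entries[-1][1] = f"{entries[-1][1]} {line}".strip()
    return [tuple(e) for e in entries]

def parse(message):
    """Split 'subsystem - [component - ]function: detail' into three fields."""
    subsystem, _, rest = message.partition(" - ")
    head, sep, detail = rest.partition(": ")
    function = head.rsplit(" - ", 1)[-1] if sep else ""
    return subsystem, function, detail if sep else rest

def summarize(text):
    """Collapse repeats: (subsystem, function, detail) -> count, first and last timestamp."""
    summary = {}
    for timestamp, message in unwrap(text):
        item = summary.setdefault(parse(message), {"count": 0, "first": timestamp})
        item["count"] += 1
        item["last"] = timestamp
    return summary

if __name__ == "__main__":
    for (subsystem, function, detail), info in summarize(SAMPLE).items():
        print(f'{info["count"]:>3}x {info["first"]} .. {info["last"]}  {subsystem} {function}: {detail}')
```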