Re: [389-users] Windows Sync Agreement Help

Tue, 31 May 2011 10:41:46 -0700 

On 05/31/2011 10:30 AM, Albert Teh wrote:


HI Rich,


[root@algldap ~]# /usr/lib/mozldap/ldapsearch -x -w - -D cn="Directory 
Manager" -b "ou=People,dc=algonquincollege,dc=com" 
"(|(objectclass=ntuser)(objectclass=ntgroup))"

Enter bind password:
[root@algldap ~]#

No Entry found !!!.

You have to tell directory server which entries you want to sync.

See 
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync 



Thanks.
Albert


On Tue, May 31, 2011 at 11:42 AM, Rich Megginson <rmegg...@redhat.com 
<mailto:rmegg...@redhat.com>> wrote:


    On 05/30/2011 08:32 AM, Albert Teh wrote:

    Hi Rich,


    I followed the Guide and still got the same result. Checked with 
    the AD administrator, the AD's user: mailadm has a full privilege.

    /usr/bin/ldapsearch -x -w - -D cn="Directory Manager"-b
    "ou=People,dc=algonquincollege,dc=com"
    "(|(objectclass=ntuser)(objectclass=ntgroup))"

    How many entries match that search?



    Thanks.
    Albert

    Here is the Windows Sync Agreement info:

    [root@algldap slapd-algldap]# /usr/lib/mozldap/ldapsearch -w - -D
    cn="Directory Manager" -b cn=config cn=ADSync
    Enter bind password:
    version: 1
    dn:
    cn=ADSync,cn=replica,cn=dc\3Dalgonquincollege\2Cdc\3Dcom,cn=mapping
    tree,c
     n=config
    objectClass: top
    objectClass: nsDSWindowsReplicationAgreement
    description: AD Sync Agreement
    cn: ADSync
    nsds7WindowsReplicaSubtree:
    cn=Users,dc=ottawa,dc=ad,dc=algonquincollege,dc=co
     m
    nsds7DirectoryReplicaSubtree: ou=People, dc=algonquincollege,dc=com
    nsds7NewWinUserSyncEnabled: on
    nsds7NewWinGroupSyncEnabled: on
    nsds7WindowsDomain: ottawa.ad.algonquincollege.com
    <http://ottawa.ad.algonquincollege.com>
    nsDS5ReplicaRoot: dc=algonquincollege,dc=com
    nsDS5ReplicaHost: wodcstage-1.ottawa.ad.algonquincollege.com
    <http://wodcstage-1.ottawa.ad.algonquincollege.com>
    nsDS5ReplicaPort: 389
    nsDS5ReplicaBindDN:
    cn=mailadm,cn=Users,dc=ottawa,dc=ad,dc=algonquincollege,dc
     =com
    nsDS5ReplicaBindMethod: SIMPLE
    nsDS5ReplicaCredentials: {DES}U68ooQM3C15xjJ/taDmy0A==
    nsds5replicareapactive: 0
    nsds5replicaLastUpdateStart: 20110530141648Z
    nsds5replicaLastUpdateEnd: 20110530141648Z
    nsds5replicaChangesSentSinceStartup:
    nsds5replicaLastUpdateStatus: 0 Replica acquired successfully:
    Incremental upd
     ate succeeded
    nsds5replicaUpdateInProgress: FALSE
    nsds5replicaLastInitStart: 20110530140648Z
    nsds5replicaLastInitEnd: 20110530140648Z
    nsds5replicaLastInitStatus: 0 Total update succeeded
    [root@algldap slapd-algldap]#



    On Fri, May 27, 2011 at 10:57 AM, Rich Megginson
    <rmegg...@redhat.com <mailto:rmegg...@redhat.com>> wrote:

        On 05/27/2011 04:22 AM, Albert Teh wrote:

        Hi Rich,

        I reinstalled 389-ds-base 1.2.8.3 from EPEL5 and added
        onewaysync set as fromWindows in the multimaster replication
        plugin. I still got the same result with no user created in
        the DS subtree.

        Have you read
        
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync




        Errors log:

        [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin -
        Beginning total update of replica "agmt="cn=ADSync"
        (wodcstage-1:389)".
        [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin -
        Finished total update of replica "agmt="cn=ADSync"
        (wodcstage-1:389)". Sent 0 entries.


        Access log:

        [27/May/2011:06:18:29 -0400] conn=1 op=114 SRCH
        
base="cn=ADSync,cn=replica,cn=dc\3Dalgonquincollege\2Cdc\3Dcom,cn=mapping
        tree,cn=config" scope=0
        filter="(|(objectClass=*)(objectClass=ldapsubentry))"
        attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd
        nsds5replicaChangesSentSinceStartup
        nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress
        nsds5replicaLastInitStart nsds5replicaLastInitEnd
        nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"
        [27/May/2011:06:18:29 -0400] conn=1 op=114 RESULT err=0
        tag=101 nentries=1 etime=

        Thanks for your help.

        Albert



        On Thu, May 26, 2011 at 11:13 AM, Rich Megginson
        <rmegg...@redhat.com <mailto:rmegg...@redhat.com>> wrote:

            On 05/26/2011 08:58 AM, Albert Teh wrote:

            Hi,

            We are setting up a new CENTOS-DS version 8.1.0. and
            CENTOS 5.5 and attempt to synchronize with the existing
            2003 Windows AD server.
            Performing  the full sync completed. There is no user
            created in the DS subtree.

            We would like to perform one way Sync:  AD ----> DS.
            Once it works, we will set up the password Sync from
            the AD to DS.

            One way sync isn't supported with 8.1.0.  I suggest
            using 389-ds-base 1.2.8.3 from EPEL5 which does support
            one way sync.
            
http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync


            AD:   cn=Users,cn=location,dc=ad,dc=domain,dc=com
            DS:   ou=Peoples,dc=domain,dc=com

            errors log:


            [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin -
            Beginning total update of replica "agmt="cn=ADsync"
            (wodcstage-1:389)".
            [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin -
            Finished total update of replica "agmt="cn=ADsync"
            (wodcstage-1:389)". Sent 0 entries.

            access log:

            26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH
            base="cn=ADsync, cn=replica, cn=\22dc=algonquincollege,
            dc=com\22, cn=mapping tree, cn=config" scope=0
            filter="(|(objectClass=*)(objectClass=ldapsubentry))"
            attrs="nsds5replicaLastUpdateStart
            nsds5replicaLastUpdateEnd
            nsds5replicaChangesSentSinceStartup
            nsds5replicaLastUpdateStatus
            nsds5replicaUpdateInProgress nsds5replicaLastInitStart
            nsds5replicaLastInitEnd nsds5replicaLastInitStatus
            nsds5BeginReplicaRefresh"
            [26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT
            err=0 tag=101 nentries=1 etime=0


            Thanks.
            Albert



            --
            389 users mailing list
            389-us...@lists.fedoraproject.org  
<mailto:389-us...@lists.fedoraproject.org>
            https://admin.fedoraproject.org/mailman/listinfo/389-users






        -- 
        Albert Teh

        Email: teh.alb...@gmail.com <mailto:teh.alb...@gmail.com>






    -- 
    Albert Teh

    Email: teh.alb...@gmail.com <mailto:teh.alb...@gmail.com>





--
Albert Teh
Email: teh.alb...@gmail.com



--
389 users mailing list
389-us...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users





















					Reply via email to