[389-users] modifying the server of the sync Agreement
jean-Noël Chardron
Jean-Noel.Chardron at dr15.cnrs.fr
Wed Mar 10 10:49:59 UTC 2010
Rich Megginson wrote:
> jean-Noël Chardron wrote:
>
>> hello,
>>
>> In my company, the AD server that is sync with a 389 directory server
>> will be changed by a new one (because the actual AD is used and old and
>> not eternal)
>> In the documentation
>> http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Windows_Sync.html
>> I don't find the possibility to edit the name of the AD in the Sync
>> agreement in the console of 389.
>> I suppose that I need to delete the previous sync agreement and create a
>> new sync agreement with the new AD server.
>> So I have question about this process :
>> 1/ does the deleting sync agreement delete the data in the 389 directory
>> server?
>>
>>
> No.
>
>> 2/ Do I need to create the new sync agreement before to delete the
>> previous or vice versa ?
>>
>>
> You should first delete the previous, then create a new one.
>
>
>
Thanks for your answer.
Ok I delete and create a new one, and the result diff in the dse.ldif is :
# diff dse.ldif-old /etc/dirsrv/slapd-aragon/dse.ldif
1386,1387c1386,1387
< dn: cn=synchroAD, cn=replica, cn="ou=DR15,dc=ad,dc=dr15, dc=cnrs,
dc=fr", cn=m
< apping tree, cn=config
---
> dn: cn=sync AD, cn=replica, cn="ou=DR15,dc=ad,dc=dr15, dc=cnrs,
dc=fr", cn=map
> ping tree, cn=config
1390,1391c1390,1391
< description: Synchronisation de l'AD de zebigbos
< cn: synchroAD
---
> description: Synchro de l'ad avec 15SRVAD
> cn: sync AD
1398c1398
< nsDS5ReplicaHost: zebigbos.dr15.cnrs.fr
---
> nsDS5ReplicaHost: 15srvad.ad.dr15.cnrs.fr
1405,1418c1405,1407
< modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=config
< createTimestamp: 20090611082927Z
< modifyTimestamp: 20100309145141Z
< nsds7DirsyncCookie::
TVNEUwMAAAAV2xUImL/KAQAAAAAAAAAA2AEAAEOdAQAAAAAAAAAAAAAA
<
AABDnQEAAAAAAF9Rvn8HIWhOkUunH1LEMI8BAAAAAAAAABMAAAAAAAAAP/yMQ9AY7UWBZKfqbuIU
<
FmOXBwAAAAAAcrpIZcFNk0Otnh6jbg9QyIpwAAAAAAAAPQPjcJTpIEqk0awfWJhXt2BgAAAAAAAA
<
H4lEdfD5sE64GX+P1H8ETKa4CgAAAAAA3eOpfBS2Y0SrHFxTGISQOWqjHQAAAAAAX1G+fwchaE6R
<
S6cfUsQwj3adAQAAAAAAMyQ+hzgHmEiQuVpgulHJPC7FAAAAAAAAjGl+keyEek6GUn9KEi5c/q5H
<
AwAAAAAAZQa0nmx01UWqsytWckzlI0L+AQAAAAAAGazXqygJLEu86IxNUsGY2MSQAAAAAAAASyZd
<
sjx5Gky9OuOXcthaWicwAAAAAAAAqFEJtdSpsUK/43VeNnP+pY1AAAAAAAAA9dvBuRpx7UmWD+rC
<
3w41+V0gAQAAAAAACH3fwPa/UkqSacbwY+m5+vc8AAAAAAAA7sbo9Ib5yEWsNYVHjhdo4ifTQAAA
<
AAAAE4SK9SytXEWdF32IwQsoqvaOCQAAAAAAnASF+yUqj0qpBIkYHYdWatUcAAAAAAAAj29b/BZ1
< 1Uec6sfIJNFYG2JAAAAAAAAAPIF+/pnmE0qhCSz9C438n1cVBwAAAAAA
< nsds50ruv: {replicageneration} 4a2e7e020000ffff0000
---
> modifiersName: cn=directory manager
> createTimestamp: 20100310101217Z
> modifyTimestamp: 20100310101217Z
So I have few more question :
the nsds7DirsyncCookie is not present in the new sync agreement , may be
because I don't initiate a full resynchronisation. right ?
If I initiate a full resynchronisation, does the ldap server keep the
user NT password and the same ntUniqueID in the base ?
> Alternately, you could stop the server, and edit the dse.ldif file
> directly, and just change the name of the AD host. That might work -
> the DS uses the AD DirSync control to sync with AD - if the hostname/IP
> address is part of the cookie, then incremental sync from AD to DS might
> fail - in that case, you would have to re-init the sync (which is what
> you would have to do anyway if you delete and add the agreement).
>
>>
>> thanks,
>>
>>
>>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
--
Jean-Noel Chardron
More information about the 389-users
mailing list