<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 07/05/2012 02:12 PM, Alberto Viana wrote:
<blockquote
cite="mid:CAD5whWchCUN8-tHo2+_zn4V3ueS6HrGCEes=SE1BX4_HCJNMsw@mail.gmail.com"
type="cite">Rich,
<div><br>
</div>
<div>I found a problem, seems to be a bug:</div>
<div><br>
</div>
<div>When I deleted the user from my AD, the plugin did not update
the group (I did not test deleting first in 389 DS). So the user
does not exist, but the group in 389 DS shows me the entry.</div>
</blockquote>
<br>
By default changes in AD are only sync'ed back to 389 every 5
minutes. You can change the winSyncInterval parameter in your sync
agreement entry.<br>
<br>
<a class="moz-txt-link-freetext" href="http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Using_Windows_Sync-Modifying_the_Sync_Agreement.html#syncagmt-cmd">http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Using_Windows_Sync-Modifying_the_Sync_Agreement.html#syncagmt-cmd</a><br>
<br>
<blockquote
cite="mid:CAD5whWchCUN8-tHo2+_zn4V3ueS6HrGCEes=SE1BX4_HCJNMsw@mail.gmail.com"
type="cite">
<div><br>
</div>
<div>When I create the user again,</div>
</blockquote>
<br>
Create the user again in AD?<br>
<br>
<blockquote
cite="mid:CAD5whWchCUN8-tHo2+_zn4V3ueS6HrGCEes=SE1BX4_HCJNMsw@mail.gmail.com"
type="cite">
<div>the 389 (replication plugin or whatever) deletes everyone from
my group in 389 DS.</div>
</blockquote>
<br>
I'm not sure I understand. What group? Can you provide more
details?<br>
What version of 389-ds-base? rpm -q 389-ds-base<br>
<br>
<blockquote
cite="mid:CAD5whWchCUN8-tHo2+_zn4V3ueS6HrGCEes=SE1BX4_HCJNMsw@mail.gmail.com"
type="cite">
<div><br>
</div>
<div>I'm not sure if it is a 389 DS console problem or a plugin
replication problem.</div>
<div><br>
</div>
<div>Could not find anything related to it on bugs.</div>
<div><br>
</div>
<div>Thanks</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
<div class="gmail_quote">On Thu, Jul 5, 2012 at 4:42 PM, Rich
Megginson <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>
<div class="h5"> On 07/05/2012 01:32 PM, Alberto Viana
wrote:
<blockquote type="cite">I have a replication with a
389 DS server and my AD domain. According to the
documentation the field used to control the
replication is "NT user ID" on 389 DS and it
is populated from Active Directory's field "<span
style="line-height:17px;text-align:left;font-size:13px;font-family:Arial,Helvetica,FreeSans,sans-serif">sAMAccountName".</span>
<div> <span
style="line-height:17px;text-align:left;font-size:13px;font-family:Arial,Helvetica,FreeSans,sans-serif"><br>
</span></div>
<div><span
style="line-height:17px;text-align:left;font-size:13px;font-family:Arial,Helvetica,FreeSans,sans-serif">The
fact is that "</span><span
style="line-height:17px;text-align:left;font-size:13px;font-family:Arial,Helvetica,FreeSans,sans-serif">sAMAccountName"
is limited to 20 char</span><span
style="line-height:16px;text-align:left;font-size:13px"><font
face="arial, sans-serif">acters. </font></span></div>
<div><span
style="line-height:16px;text-align:left;font-size:13px"><font
face="arial, sans-serif"><br>
</font></span></div>
<div><span
style="line-height:16px;text-align:left;font-size:13px"><font
face="arial, sans-serif"><br>
</font></span></div>
<div><span
style="line-height:16px;text-align:left;font-size:13px"><font
face="arial, sans-serif">My problem is that I
always create my users in Active
Directory first, so when I create a user
longer than 20 characters, 389 DS creates it
with missing letters (of course the problem is
about a Windows limitation and I know that); I'm
just trying to find out the easiest solution to
my problem.</font></span></div>
<div><span
style="line-height:16px;text-align:left;font-size:13px"><font
face="arial, sans-serif"><br>
</font></span></div>
<div><span
style="line-height:16px;text-align:left;font-size:13px"><font
face="arial, sans-serif">For example, I have
a user called "therezinha.figueiredo" and
when I create it on my AD the "</font></span><span
style="line-height:17px;text-align:left;font-size:13px;font-family:Arial,Helvetica,FreeSans,sans-serif">sAMAccountName"
is "</span><span
style="line-height:16px;text-align:left;font-size:13px;font-family:arial,sans-serif">therezinha.figueired",
so the replication plugin creates in the 389
server a user called "</span><span
style="line-height:16px;text-align:left;font-size:13px;font-family:arial,sans-serif">therezinha.figueired"</span></div>
<div><span
style="line-height:16px;text-align:left;font-size:13px;font-family:arial,sans-serif"><br>
</span></div>
<div><span
style="line-height:16px;text-align:left;font-size:13px;font-family:arial,sans-serif">I
also tried to modify the user uid and keep the
"NT user ID". For example:</span></div>
<div><span
style="line-height:16px;text-align:left;font-size:13px;font-family:arial,sans-serif"><br>
</span></div>
<div><span
style="line-height:16px;text-align:left;font-size:13px;font-family:arial,sans-serif">After
the replication plugin created the user called </span><span
style="line-height:16px;text-align:left;font-size:13px;font-family:arial,sans-serif">"</span><span
style="line-height:16px;text-align:left;font-size:13px;font-family:arial,sans-serif">therezinha.figueired"
I modified it manually to "</span><span
style="line-height:16px;text-align:left;font-size:13px;font-family:arial,sans-serif">therezinha.figueiredo"
and kept the "NT user ID", but something strange
happened with this user's groups (in the 389 DS
and also in the Active Directory).</span></div>
<div><span
style="line-height:16px;text-align:left;font-size:13px"><font
face="arial, sans-serif"><br>
</font></span></div>
<div><span
style="line-height:16px;text-align:left;font-size:13px"><font
face="arial, sans-serif"><br>
</font></span></div>
<div><span
style="line-height:16px;text-align:left;font-size:13px;font-family:arial,sans-serif">Any
clues? Can I use another field to populate users
"NT user ID" and </span><span
style="line-height:16px;text-align:left;font-size:13px;font-family:arial,sans-serif">change
it on the replication plugin? <br>
</span></div>
</blockquote>
<br>
</div>
</div>
It will be a manual process, but you might be able to
create the user first in AD, then manually create the user
in 389, with the ntUniqueID field set to the objectGUID of
the AD entry. 389 winsync uses the uid ->
samAccountName for the initial mapping, but once that is
established, it uses ntUniqueID -> objectGUID.<br>
<br>
At any rate, please file a ticket at <br>
<a moz-do-not-send="true"
href="https://fedorahosted.org/389" target="_blank">https://fedorahosted.org/389</a><br>
<blockquote type="cite">
<div><span
style="line-height:16px;text-align:left;font-size:13px;font-family:arial,sans-serif"><br>
</span></div>
<div style="text-align:left"><font face="arial,
sans-serif"><span style="line-height:16px"><br>
</span></font></div>
<div><span
style="line-height:16px;text-align:left;font-size:13px;font-family:arial,sans-serif">Thanks </span></div>
<div><span
style="line-height:16px;text-align:left;font-size:13px;font-family:arial,sans-serif"><br>
</span></div>
<div><span
style="line-height:16px;text-align:left;font-size:13px;font-family:arial,sans-serif">Alberto
Viana</span></div>
<div><span
style="line-height:16px;text-align:left;font-size:13px;font-family:arial,sans-serif"><br>
</span></div>
<div><span
style="line-height:16px;text-align:left;font-size:13px;font-family:arial,sans-serif"><br>
</span></div>
<br>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
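Added example (not part of the original thread and not 389 DS code): a small Python audit over an LDIF export of the 389 DS suffix that lists group members whose DN no longer has an entry, as in the stale membership reported above, and synced users whose ntUserDomainId differs from uid or sits at the 20-character sAMAccountName limit. The sample LDIF, the dc=example,dc=com names and the function names are constructed for illustration; ntUserDomainId is assumed to be the attribute behind the console's "NT user ID" label, and the DN comparison is simplified.<br>

```python
import re
# Constructed LDIF export (sample data for illustration, not from the thread).
SAMPLE_LDIF = """\
dn: uid=therezinha.figueiredo,ou=People,dc=example,dc=com
uid: therezinha.figueiredo
ntUserDomainId: therezinha.figueired

dn: uid=jsmith,ou=People,dc=example,dc=com
uid: jsmith
ntUserDomainId: jsmith

dn: cn=staff,ou=Groups,dc=example,dc=com
uniqueMember: uid=jsmith,ou=People,dc=example,dc=com
uniqueMember: uid=deleted.user,ou=People,
 dc=example,dc=com
"""
SAM_MAX = 20  # sAMAccountName length limit mentioned in the thread

def norm_dn(dn):
    """Simplified DN normalisation (assumption): lowercase, no spaces at commas."""
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())

def parse_ldif(text):
    """Parse plain (non-base64) LDIF into {normalised dn: {attr: [values]}}."""
    text = re.sub(r"\n ", "", text)  # unfold LDIF continuation lines
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep and not line.startswith("#"):
                attrs.setdefault(key.lower(), []).append(value)
        if "dn" in attrs:
            entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def audit(entries):
    """Return (stale group members, uid/NT-ID mismatches, IDs at the 20-char limit)."""
    stale, mismatch, at_limit = [], [], []
    for dn, attrs in entries.items():
        for member in attrs.get("uniquemember", []) + attrs.get("member", []):
            if norm_dn(member) not in entries:  # member DN has no entry in the export
                stale.append((dn, norm_dn(member)))
        for nt_id in attrs.get("ntuserdomainid", []):
            if nt_id.lower() not in [u.lower() for u in attrs.get("uid", [])]:
                mismatch.append((dn, nt_id))    # uid was changed or never matched
            if len(nt_id) == SAM_MAX:
                at_limit.append(dn)             # possibly truncated by AD
    return stale, mismatch, at_limit
```

Run it against an export of the whole suffix; a member that lives outside the exported subtree would otherwise be reported as stale.<br>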
</body>
</html>