<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 07/18/2013 11:46 PM, Juan Carlos
Camargo wrote:<br>
</div>
<blockquote
cite="mid:2139232739.40852.1374212804995.JavaMail.root@eprinsa.es"
type="cite">
<div style="font-family: arial,helvetica,sans-serif; font-size:
10pt; color: #000000">
<div>Rich,</div>
<div><br>
</div>
<div>Thanks for replying.</div>
<div>The entry CN=XXXX is the same in both cases and inside the
scope (inside the windows subtree). The agreements are the
same in both servers:</div>
</div>
</blockquote>
<br>
Ok. Can you reproduce the problem with the Replication log level
enabled, then post your errors log showing the problem?
<a class="moz-txt-link-freetext" href="http://port389.org/wiki/FAQ#Troubleshooting">http://port389.org/wiki/FAQ#Troubleshooting</a><br>
<br>
<blockquote
cite="mid:2139232739.40852.1374212804995.JavaMail.root@eprinsa.es"
type="cite">
<div style="font-family: arial,helvetica,sans-serif; font-size:
10pt; color: #000000">
<div><br>
</div>
<div>v1.2.11.15</div>
<div>
<div>dn:
cn=ad5,cn=replica,cn=dc\3Dmetaeprinsa\2Cdc\3Dorg,cn=mapping
tree,cn=config</div>
<div>objectClass: top</div>
<div>objectClass: nsDSWindowsReplicationAgreement</div>
<div>description: ad5</div>
<div>cn: ad5</div>
<div>nsds7WindowsReplicaSubtree: dc=epr</div>
<div>nsds7DirectoryReplicaSubtree:
ou=usuarios,dc=metaeprinsa,dc=org</div>
<div>nsds7NewWinUserSyncEnabled: on</div>
<div>nsds7NewWinGroupSyncEnabled: off</div>
<div>nsds7WindowsDomain: epr</div>
<div>nsDS5ReplicaRoot: dc=metaeprinsa,dc=org</div>
<div>nsDS5ReplicaHost: ad5.epr</div>
<div>nsDS5ReplicaPort: 389</div>
<div>nsDS5ReplicaBindDN: cn=metasync,ou=usuarios de
servicio,ou=grupos,dc=epr</div>
<div>nsDS5ReplicaBindMethod: SIMPLE</div>
<div>nsDS5ReplicaCredentials: ****</div>
<div><span style="font-size: 10pt;">oneWaySync: fromWindows</span></div>
</div>
<div><br>
</div>
<div>v1.3</div>
<div><span style="font-size: 10pt;">dn:
cn=ad5,cn=replica,cn=dc\3Dmetaeprinsa\2Cdc\3Dorg,cn=mapping
tree,cn=config</span></div>
<div>
<div>objectClass: top</div>
<div>objectClass: nsDSWindowsReplicationAgreement</div>
<div>description: ad5</div>
<div>cn: ad5</div>
<div>nsds7WindowsReplicaSubtree: dc=epr</div>
<div>nsds7DirectoryReplicaSubtree:
ou=usuarios,dc=metaeprinsa,dc=org</div>
<div>nsds7NewWinUserSyncEnabled: on</div>
<div>nsds7NewWinGroupSyncEnabled: off</div>
<div>nsds7WindowsDomain: epr</div>
<div>nsDS5ReplicaRoot: dc=metaeprinsa,dc=org</div>
<div>nsDS5ReplicaHost: ad5.epr</div>
<div>nsDS5ReplicaPort: 389</div>
<div>nsDS5ReplicaBindDN: cn=metasync,ou=usuarios de
servicio,ou=grupos,dc=epr</div>
<div>nsDS5ReplicaBindMethod: SIMPLE</div>
<div>nsDS5ReplicaCredentials: ****</div>
<div><span style="font-size: 10pt;">oneWaySync: fromWindows</span></div>
</div>
<div><br>
</div>
<hr id="zwchr">
<div
style="color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"
data-mce-style="color: #000; font-weight: normal; font-style:
normal; text-decoration: none; font-family:
Helvetica,Arial,sans-serif; font-size: 12pt;"><b>De: </b>"Rich
Megginson" <a class="moz-txt-link-rfc2396E" href="mailto:rmeggins@redhat.com"><rmeggins@redhat.com></a><br>
<b>Para: </b>"General discussion list for the 389 Directory
server project." <a class="moz-txt-link-rfc2396E" href="mailto:389-users@lists.fedoraproject.org"><389-users@lists.fedoraproject.org></a><br>
<b>CC: </b>"Juan Carlos Camargo"
<a class="moz-txt-link-rfc2396E" href="mailto:juancarlos@eprinsa.es"><juancarlos@eprinsa.es></a><br>
<b>Enviados: </b>Jueves, 18 de Julio 2013 16:01:52<br>
<b>Asunto: </b>Re: [389-users] winsync: differences between
1.2.11.15 and 1.3<br>
<div><br>
</div>
<div class="moz-cite-prefix">On 07/18/2013 06:17 AM, Juan
Carlos Camargo wrote:<br>
</div>
<blockquote
cite="mid:635330321.40169.1374149856877.JavaMail.root@eprinsa.es">
<div style="font-family: arial,helvetica,sans-serif;
font-size: 10pt; color: #000000"
data-mce-style="font-family: arial,helvetica,sans-serif;
font-size: 10pt; color: #000000;">
<div>Hi 389ers,</div>
<div><br>
</div>
<div>I have a lab scenario with one server running version
1.3 on Fedora19. My production servers still use
1.2.11.15 and run on CentOS. I've created oneway sync
agreements FROM Windows2003 , in both cases with the
same params: windows sync user, windows host, ds subtree
and windows subtree. But I've noticed that in version
1.3 sync does not work, all users are reported to be
"out of scope" even when the same sAMAccountName/uid is
found.</div>
<div><br>
</div>
<div>Ex:</div>
<div>
<div>v1.3</div>
<div>"</div>
<div>[18/Jul/2013:12:59:15 +0200] NSMMReplicationPlugin
- agmt="cn=ad5" (ad5:389):
windows_process_dirsync_entry: windows inbound entry
CN=XXXX has the same name as local entry uid=XXXX but
the windows entry is out of the scope of the sync
subtree [dc=DOMAIN] - if you want these entries to be
in sync, add the ntUser/ntGroup objectclass and
required attributes to the local entry, and move the
windows entry into scope</div>
</div>
<div>"</div>
<div><br>
</div>
<div>v1.2.11.15</div>
<div>
<div><br>
</div>
<div>[18/Jul/2013:13:31:00 +0200] NSMMReplicationPlugin
- agmt="cn=ad5" (ad5:389): map_entry_dn_inbound:
looking for local entry matching AD entry [CN=XXXX]</div>
<div>[18/Jul/2013:13:31:00 +0200] NSMMReplicationPlugin
- agmt="cn=ad5" (ad5:389): map_entry_dn_inbound:
looking for local entry by guid
[155e86afca9f2141af71624d7f55a44c]</div>
<div>[18/Jul/2013:13:31:00 +0200] NSMMReplicationPlugin
- agmt="cn=ad5" (ad5:389): map_entry_dn_inbound: found
local entry [uid=XXXX]</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div><span style="font-size: 10pt;"
data-mce-style="font-size: 10pt;">Sorry about the
different timestamps, but the user under XXXX was the
same in both cases. So, same agreement in version
1.2.11.15 syncs the users (from Windows always)
perfectly. I've deleted and recreated the agreements
in both sides, just in case I mispelled something,but
still the same results. What has changed , or better,
where did I go wrong?</span></div>
</div>
</blockquote>
<br>
Can you post your winsync config?<br>
The AD entry CN=XXXX - is it in the windows subtree or outside
of it? If it is outside of it, why?<br>
<br>
<blockquote
cite="mid:635330321.40169.1374149856877.JavaMail.root@eprinsa.es">
<div style="font-family: arial,helvetica,sans-serif;
font-size: 10pt; color: #000000"
data-mce-style="font-family: arial,helvetica,sans-serif;
font-size: 10pt; color: #000000;">
<div><br>
</div>
<div>Regards!</div>
<div><br>
</div>
<div>-- <br>
</div>
<div><span></span>
<div><span style="font-family: 'lucida console',
sans-serif;" data-mce-style="font-family: 'lucida
console', sans-serif;"><img
src="cid:part1.09050708.08070904@redhat.com"
data-mce-src="imap://rmeggins@redhat.com:993/fetch%3EUID%3E/389%3E969835?header=quotebody&part=1.1.2.2"><br>
</span></div>
<div><span style="font-size: x-small; font-family:
'comic sans ms', 'comic sans', sans-serif;"
data-mce-style="font-size: x-small; font-family:
'comic sans ms', 'comic sans', sans-serif;">Juan
Carlos Camargo Carrillo.</span></div>
<div><span style="font-size: x-small; font-family:
'comic sans ms', 'comic sans', sans-serif;"
data-mce-style="font-size: x-small; font-family:
'comic sans ms', 'comic sans', sans-serif;">@jcarloscamargo</span></div>
<div><span style="font-size: x-small; font-family:
'comic sans ms', 'comic sans', sans-serif;"
data-mce-style="font-size: x-small; font-family:
'comic sans ms', 'comic sans', sans-serif;">957-211157
, 650932877</span></div>
<div><span style="font-family: 'lucida console',
sans-serif;" data-mce-style="font-family: 'lucida
console', sans-serif;"> </span></div>
<span></span><br>
</div>
<div id="_mcePaste" class="mcePaste" style="position:
absolute; left: 0px; top: -25px; width: 1px; height:
1px; overflow: hidden;" data-mce-style="position:
absolute; left: 0px; top: -25px; width: 1px; height:
1px; overflow: hidden;"></div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre>--
389 users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:389-users@lists.fedoraproject.org" target="_blank" data-mce-href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank" data-mce-href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</blockquote>
<br>
</div>
<div><br>
<br>
</div>
<div><br>
</div>
<div>-- <br>
</div>
<div><span name="x"></span>
<div><span style="font-family: 'lucida console', sans-serif;"
data-mce-style="font-family: 'lucida console',
sans-serif;"><img
src="cid:part4.03070105.05060105@redhat.com"
data-mce-src="http://zcs8.eprinsa.es/home/juancarlos@eprinsa.es/Briefcase/Juan-Carlos-Camargo-Carrilllo.gif"
doc="Briefcase/Juan-Carlos-Camargo-Carrilllo.gif"><br>
</span></div>
<div><span style="font-size: x-small; font-family: 'comic sans
ms', 'comic sans', sans-serif;" data-mce-style="font-size:
x-small; font-family: 'comic sans ms', 'comic sans',
sans-serif;">Juan Carlos Camargo Carrillo.</span></div>
<div><span style="font-size: x-small; font-family: 'comic sans
ms', 'comic sans', sans-serif;" data-mce-style="font-size:
x-small; font-family: 'comic sans ms', 'comic sans',
sans-serif;">@jcarloscamargo</span></div>
<div><span style="font-size: x-small; font-family: 'comic sans
ms', 'comic sans', sans-serif;" data-mce-style="font-size:
x-small; font-family: 'comic sans ms', 'comic sans',
sans-serif;">957-211157 , 650932877</span></div>
<div><span style="font-family: 'lucida console', sans-serif;"
data-mce-style="font-family: 'lucida console',
sans-serif;"> </span></div>
<span name="x"></span><br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">--
389 users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a>
<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</blockquote>
<br>
</body>
</html>