RE: [Fedora-directory-users] Re: FDS AD Sync

After reviewing the debugging logs I realized the following, When I create a new account, it isn't sync correctly to AD unless a select "create new NT account" in the NT User form. Other than that, accounts aren't added to the AD even if I ran the process "reinitialized AD"! The problem I am facing now is how to add the new three fields for all of my 10000 user accounts before migrating to FDS and making sure that NT-Username is as the same as Username! Any body has ideas! By the way, Daniel Thanks for your help :) Regards, Abdelrahman -----Original Message----- From: fedora-directory-users-bounces(a)redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Daniel Shackelford Sent: Tuesday, April 04, 2006 10:33 PM To: FedoraUsers Subject: [Fedora-directory-users] Re: FDS AD Sync It looks like your PassSync setup is working well. We should focus on the FDS side of things. In your replication agreement, are you using SSL and connecting to AD using port 636? Have you verified that you can connect to AD via SSL using another LDAP client like JXplorer? You will probably want to increase your logging level to include more replication info. In the console, you should change the settings for your error log to include replication info: 1. Log into console 2. Open your directory server 3. Click on the Config tab 4. Expand the Logs tree on the left 5. Select Error Log 6. Scroll down the form on the right until you see the Log Level list 7. Ctl-click on the Replication entry 8. Click Save Now you should be getting all replication data in your logs, in addition to errors. The following command will set up a ssl proxy on port 8638 that forwards connections to ADServer.domain.com. In the process it will decode the ssl traffic, dump extra info, and continue listening after the first connection, and dump everything into ~/ssltap.log ssltap -sxl -p 8636 ADServer.domain.com:636 > ~/ssltap.log In order to use this to debug replication you may have to set up a dummy replication agreement, dummy OU and dummy users. Point to the local host and port 8636 for the port, and then see what comes out. This is totally and completely experimental on my part, and I have not done this exact setup. -- Daniel Shackelford Systems Administrator Technology Services Spring Arbor University 517 750-6648 "For even the Son of Man did not come to be served, but to serve, and to give His life a ransom for many" Mark 10:45 -- Fedora-directory-users mailing list Fedora-directory-users(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users