On 21 Aug 2019, at 22:10, DaV <snowfrs(a)gmail.com> wrote:
Hi guys,
Just an update on this issue.
Finally, I created multiple Windows sync agreements, one for each OU, to sync the user accounts.
Like this:
> DS Host: 389ds:389
> Windows Host: dc01.example.com:389
> DS Subtree: ou=ou1,ou=Users,dc=example,dc=com
> Windows Subtree: OU=Accounts, DC=example,DC=com
> Replicated subtree: dc=example,dc=com
> DS Host: 389ds:389
> Windows Host: dc01.example.com:389
> DS Subtree: ou=ou2,ou=Users,dc=example,dc=com
> Windows Subtree: OU=Accounts, DC=example,DC=com
> Replicated subtree: dc=example,dc=com
So the user account sync is done.
For password sync, I now can't sync users' passwords with an "Initiate full
Re-synchronization". I must reset all users one-by-one on the AD server to sync the
password. This is not convenient.
Do you have any advice?
I think Mark is the person who knows the most about this. I agree your solution isn't
really optimal here so I totally get you wanting to improve this. My concern is moving an
account from ou1 to ou2 and how that would work (or break).
This is the log info:
> [21/Aug/2019:08:56:57.876105371 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Beginning total update of replica "agmt="cn=chuxun" (tc-dc-2:389)".
> [21/Aug/2019:08:56:58.546297794 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_process_total_add - agmt="cn=chuxun" (tc-dc-2:389) - Cannot replay add operation.
> [21/Aug/2019:08:56:58.575112136 +0800] - ERR - NSMMReplicationPlugin - windows sync - bind_and_check_pwp - agmt="cn=chuxun" (tc-dc-2:389): Replication bind with SIMPLE auth resumed
> [21/Aug/2019:08:56:58.577280706 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=chuxun" (tc-dc-2:389): Replica has no update vector. It has never been initialized.
> [21/Aug/2019:08:56:58.579569199 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=chuxun" (tc-dc-2:389): Replica has no update vector. It has never been initialized.
> [21/Aug/2019:08:56:59.581808252 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=wangxun" (tc-dc-2:389): Replica has no update vector. It has never been initialized.
Sincerely,
--
DaV
On Tue, Aug 20, 2019, at 09:28, DaV wrote:
> Hi all,
> I'm using a new 389 directory server on CentOS 7.6 with 389-ds-base.x86_64 (1.3.8.4-15.el7), and I want to sync users and passwords from Windows 2016 to 389ds one way.
> The Synchronization Agreement is like this:
> DS Host: 389ds:389
> Windows Host: dc01.example.com:389
> DS Subtree: ou=Users,dc=example,dc=com
> Windows Subtree: OU=Accounts, DC=example,DC=com
> Replicated subtree: dc=example,dc=com
>
> Here is my question:
> The sync agreement can only sync the top-level OU=Accounts, DC=example, DC=com from the Win2016 server to the 389ds server.
> In fact, I have
> ou=ou1,ou=accounts,dc=example,dc=com
> ou=ou2,ou=accounts,dc=example,dc=com
> on the Win2016 server.
> I want the sync agreement to sync not only the top-level OU but also the child OUs.
>
> This is the error log for your reference. Thanks!
>> [20/Aug/2019:07:58:40.307031692 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Beginning total update of replica "agmt="cn=389ds" (tc-dc-2:389)".
>> [20/Aug/2019:07:58:40.309113230 +0800] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests
>> [20/Aug/2019:08:34:21.730939271 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=389ds" (tc-dc-2:389): Replica has no update vector. It has never been initialized.
>> [20/Aug/2019:08:34:21.733526550 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=389ds" (tc-dc-2:389): Replica has no update vector. It has never been initialized.
>> [20/Aug/2019:08:34:24.735819391 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=389ds" (tc-dc-2:389): Replica has no update vector. It has never been initialized.
>> [20/Aug/2019:08:34:27.738228528 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=389ds" (tc-dc-2:389): Replica has no update vector. It has never been initialized.
>> [20/Aug/2019:08:34:30.873896680 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Beginning total update of replica "agmt="cn=389ds" (tc-dc-2:389)".
>> [20/Aug/2019:08:34:33.170822223 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Finished total update of replica "agmt="cn=389ds" (tc-dc-2:389)". Sent 5 entries.
>> [20/Aug/2019:08:34:33.186359842 +0800] - ERR - NSMMReplicationPlugin - windows sync - bind_and_check_pwp - agmt="cn=389ds" (tc-dc-2:389): Replication bind with SIMPLE auth resumed
>> [20/Aug/2019:08:47:30.032935119 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Beginning total update of replica "agmt="cn=389ds" (tc-dc-2:389)".
>> [20/Aug/2019:08:47:31.035850854 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Finished total update of replica "agmt="cn=389ds" (tc-dc-2:389)". Sent 5 entries.
>> [20/Aug/2019:08:47:31.051614890 +0800] - ERR - NSMMReplicationPlugin - windows sync - bind_and_check_pwp - agmt="cn=389ds" (tc-dc-2:389): Replication bind with SIMPLE auth resumed
>> [20/Aug/2019:08:50:59.533268105 +0800] - WARN - NSMMReplicationPlugin - prot_stop - Incremental protocol for replica "agmt="cn=389ds" (tc-dc-2:389)" did not shut down properly.
>> [20/Aug/2019:09:01:00.155477769 +0800] - WARN - NSMMReplicationPlugin - prot_stop - Total protocol for replica "agmt="cn=389ds" (tc-dc-2:389)" did not shut down properly.
>
>
> Sincerely,
> --
> DaV
>
>
>
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
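
Added example, not part of the original thread and not 389 Directory Server code: a small triage script for the "windows sync" error-log entries quoted above. It counts, per agreement, the total updates begun and finished, and flags agreements with a "Beginning total update" line but no matching "Finished total update" line, as with cn=chuxun in the 21 Aug log. The function names are hypothetical, and it assumes each log entry sits on a single line.

```python
import re
from collections import defaultdict

# Sample input: entries from the logs quoted in the thread, one entry per line.
SAMPLE_LOG = """\
[20/Aug/2019:08:34:30.873896680 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Beginning total update of replica "agmt="cn=389ds" (tc-dc-2:389)".
[20/Aug/2019:08:34:33.170822223 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Finished total update of replica "agmt="cn=389ds" (tc-dc-2:389)". Sent 5 entries.
[21/Aug/2019:08:56:57.876105371 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Beginning total update of replica "agmt="cn=chuxun" (tc-dc-2:389)".
[21/Aug/2019:08:56:58.546297794 +0800] - ERR - NSMMReplicationPlugin - windows sync - windows_process_total_add - agmt="cn=chuxun" (tc-dc-2:389) - Cannot replay add operation.
[21/Aug/2019:08:56:58.577280706 +0800] - WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=chuxun" (tc-dc-2:389): Replica has no update vector. It has never been initialized.
"""

AGMT = re.compile(r'agmt="(cn=[^"]+)"')      # agreement name as logged
SENT = re.compile(r"Sent (\d+) entries")     # entry count on the "Finished" line


def summarise(log_text):
    """Return {agreement: counters} for every windows sync agreement seen."""
    state = defaultdict(lambda: {"started": 0, "finished": 0, "sent": 0,
                                 "add_failures": 0, "uninitialized": 0})
    for line in log_text.splitlines():
        m = AGMT.search(line)
        if "windows sync" not in line or not m:
            continue                          # not a windows sync agreement entry
        s = state[m.group(1)]
        if "Beginning total update" in line:
            s["started"] += 1
        elif "Finished total update" in line:
            s["finished"] += 1
            sent = SENT.search(line)
            if sent:
                s["sent"] = int(sent.group(1))
        elif "Cannot replay add operation" in line:
            s["add_failures"] += 1
        elif "never been initialized" in line:
            s["uninitialized"] += 1
    return dict(state)


def incomplete(summary):
    """Agreements whose total update began more often than it finished."""
    return sorted(a for a, s in summary.items() if s["started"] > s["finished"])


if __name__ == "__main__":
    result = summarise(SAMPLE_LOG)
    for agmt, counters in result.items():
        print(agmt, counters)
    print("total update never finished:", incomplete(result))
```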