Hi,

It turns out it was mistake from our end, we were checking too early before the actual replication was done completely. Now that works properly.

The direction of replication is from AD -> 389 DS

But now we have a new requirement which is to copy from multiple Source Subtree from Windows to Linux.

To get both subtrees I used the winSyncSubtreePair multivalued attribute.

This is the replication agreement we have right now

dn: cn=UsersSyncAgreement,cn=replica,cn=dc\=example\,dc\=com\,cn=mapping tree,cn=config
changetype: add
objectclass: top
objectclass: nsDSWindowsReplicationAgreement
cn: UsersSyncAgreement
winSyncSubtreePair: cn=Users,dc=adexample,dc=com:ou=userandgroups,dc=example,dc=com
winSyncSubtreePair: ou=ItalyGroups,dc=adexample,dc=com:ou=userandgroups,dc=example,dc=com
nsds7NewWinUserSyncEnabled: on
nsds7NewWinGroupSyncEnabled: on
nsds7WindowsDomain: adexample.com
nsDS5ReplicaRoot: dc=example,dc=com
nsDS5ReplicaHost: adexample.com
nsDS5ReplicaPort: 389
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicaBindDN: cn=replication user,cn=Users,dc=adexample,dc=com
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaCredentials: secret
winSyncInterval: 1200

We want to copy both subtrees  cn=Users  and ou=ItalyGroups from the AD to 389 DS subtree ou=userandgroups,dc=example,dc=com.

Once the 389 Directory Server is installed, and this replication agreement is configured, I am able to access the 389 DS.

But once I initialize this replication agreement using the following

dn: cn=UsersSyncAgreement,cn=replica,cn=dc\=example\,dc\=com\,cn=mapping tree,cn=config
changetype: modify
replace: nsds5BeginReplicaRefresh
nsds5BeginReplicaRefresh: start

The dirsrv service crashes.

Can you help me with this problem, Am I configuring something wrong in the above replication agreement?

Thank you
Abhishek Deb


On Sun, Jun 30, 2019 at 9:24 PM William Brown <wbrown@suse.de> wrote:


> On 25 Jun 2019, at 05:09, Abhisheyk Deb <abhisheykdeb@gmail.com> wrote:
>
> Hi,
>
> We have the following setup.
>
> Active Directory Server in US.
> 389 DS Server in Italy.
>
> We are able to access the Active Directory Server from 389 DS.
> We installed the sync agreement. No body is touching the AD, the number of objects that should copied is 21. But every time we are running the replication agreement, the number of objects being copied is always different. How can that be if there is no change happening at the AD Server.
>
> Is the replication done over UDP or TCP.
>
> Also is it because of distance and delay that is causing the synchronization issues.
>
> If some can elaborate in this issue, it would be really helpful.

Sorry for the very late reply,

Replication like this, can be partial - it may not send all objects or structures, just ones defined in the agreement.

I think we'll need to see your winsync agreement from cn=config to know more, and to see what kind of objects are being sent, and what is not.

Is it objects from 389 to AD or in the other direction that are/are not being synced?

Thanks,

>
> Thank you
> Abhishek Deb
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org


Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org