12:33 p.m.
I've taken over control of an FDS and an AD server which had been set
up before I got to it. I'm still fairly new to LDAP and related
things. I come from a unix background rather than windows.
At some point, users put into FDS were replicated on the AD server
correctly. Subsequently, the flat "structure" of the users in FDS
was improved to be more hierarchical. However, new users added into
FDS are not being added into AD. I'm also not familiar enough with
AD to know where to see the OU structure that is present in FDS in
AD. I'm not even sure if AD would have that structure. I'm at a bit
of a loss as to how to start diagnosing where the problem is, let
alone fixing it.
I've looked at http://directory.fedoraproject.org/wiki/
Howto:WindowsSync but as that is focussed on setting it up initially,
I'm not sure how much of it applies.
Help on how to start solving this welcomed.
Timothy
12:50 p.m.
Timothy Hunt wrote:
I've taken over control of an FDS and an AD server which had been
set
up before I got to it. I'm still fairly new to LDAP and related
things. I come from a unix background rather than windows.
At some point, users put into FDS were replicated on the AD server
correctly. Subsequently, the flat "structure" of the users in FDS was
improved to be more hierarchical. However, new users added into FDS
are not being added into AD. I'm also not familiar enough with AD to
know where to see the OU structure that is present in FDS in AD. I'm
not even sure if AD would have that structure. I'm at a bit of a loss
as to how to start diagnosing where the problem is, let alone fixing it.
I've looked at
http://directory.fedoraproject.org/wiki/Howto:WindowsSync but as that
is focussed on setting it up initially, I'm not sure how much of it
applies.
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/sync.html#2836267
Help on how to start solving this welcomed.
Timothy
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
2:24 p.m.
On Oct 25, 2007, at 12:50 PM, Richard Megginson wrote:
Timothy Hunt wrote:
> I've taken over control of an FDS and an AD server which had been
> set up before I got to it. I'm still fairly new to LDAP and
> related things. I come from a unix background rather than windows.
>
> At some point, users put into FDS were replicated on the AD server
> correctly. Subsequently, the flat "structure" of the users in FDS
> was improved to be more hierarchical. However, new users added
> into FDS are not being added into AD. I'm also not familiar
> enough with AD to know where to see the OU structure that is
> present in FDS in AD. I'm not even sure if AD would have that
> structure. I'm at a bit of a loss as to how to start diagnosing
> where the problem is, let alone fixing it.
>
> I've looked at http://directory.fedoraproject.org/wiki/
> Howto:WindowsSync but as that is focussed on setting it up
> initially, I'm not sure how much of it applies.
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/sync.html#2836267
>
>
Thanks, Richard,
As our AD server isn't yet being used, I decided to break the
existing sync agreement, wipe the users on the AD server, and start a
new sync agreement.
I've got "replication" logging set and I'm getting this in the FDS
log files
[26/Oct/2007:14:15:38 -0500] NSMMReplicationPlugin -
agmt="cn=fs2" (fs2:636): Replication session backing off for 191 seconds
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin -
agmt="cn=fs2" (fs2:636): State: backoff -> backoff
[26/Oct/2007:14:18:50 -0500] - acquire_replica, supplier RUV:
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - supplier:
{replicageneration} 4693ce97000000010000
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - supplier:
{replica 1 ldap://ds1.intraisp.com:389} 469ee73e000000010000
47223b23000000010000 47223b23
[26/Oct/2007:14:18:50 -0500] - acquire_replica, consumer RUV:
[26/Oct/2007:14:18:50 -0500] - acquire_replica, consumer RUV = null
[26/Oct/2007:14:18:50 -0500] - acquire_replica, supplier RUV is newer
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin -
agmt="cn=fs2" (fs2:636): Trying secure slapi_ldap_init
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin -
agmt="cn=fs2" (fs2:636): binddn =
CN=Administrator,CN=Users,DC=directory,DC=intraisp,DC=com, passwd =
{DES}cwngvvY1zCw=
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin -
agmt="cn=fs2" (fs2:636): Disconnected from the consumer
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin -
agmt="cn=fs2" (fs2:636): Beginning linger on the connection
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin -
agmt="cn=fs2" (fs2:636): No linger on the closed conn
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin -
agmt="cn=fs2" (fs2:636): Replication session backing off for 299 seconds
the "summary" tab of the AD sync agreement on FDS says
Last update message: - LDAP error: Can't contact LDAP server: Error
Code: 81
But I can connect to port 636 on the AD server from the RDS box
without a problem.
Any suggestions?
Timothy
2:50 p.m.
Timothy Hunt wrote:
On Oct 25, 2007, at 12:50 PM, Richard Megginson wrote:
> Timothy Hunt wrote:
>> I've taken over control of an FDS and an AD server which had been
>> set up before I got to it. I'm still fairly new to LDAP and related
>> things. I come from a unix background rather than windows.
>>
>> At some point, users put into FDS were replicated on the AD server
>> correctly. Subsequently, the flat "structure" of the users in FDS
>> was improved to be more hierarchical. However, new users added into
>> FDS are not being added into AD. I'm also not familiar enough with
>> AD to know where to see the OU structure that is present in FDS in
>> AD. I'm not even sure if AD would have that structure. I'm at a
>> bit of a loss as to how to start diagnosing where the problem is,
>> let alone fixing it.
>>
>> I've looked at
>> http://directory.fedoraproject.org/wiki/Howto:WindowsSync but as
>> that is focussed on setting it up initially, I'm not sure how much
>> of it applies.
> http://www.redhat.com/docs/manuals/dir-server/ag/7.1/sync.html#2836267
>>
>>
Thanks, Richard,
As our AD server isn't yet being used, I decided to break the existing
sync agreement, wipe the users on the AD server, and start a new sync
agreement.
I've got "replication" logging set and I'm getting this in the FDS log
files
[26/Oct/2007:14:15:38 -0500] NSMMReplicationPlugin - agmt="cn=fs2"
(fs2:636): Replication session backing off for 191 seconds
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - agmt="cn=fs2"
(fs2:636): State: backoff -> backoff
[26/Oct/2007:14:18:50 -0500] - acquire_replica, supplier RUV:
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - supplier:
{replicageneration} 4693ce97000000010000
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - supplier:
{replica 1 ldap://ds1.intraisp.com:389} 469ee73e000000010000
47223b23000000010000 47223b23
[26/Oct/2007:14:18:50 -0500] - acquire_replica, consumer RUV:
[26/Oct/2007:14:18:50 -0500] - acquire_replica, consumer RUV = null
[26/Oct/2007:14:18:50 -0500] - acquire_replica, supplier RUV is newer
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - agmt="cn=fs2"
(fs2:636): Trying secure slapi_ldap_init
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - agmt="cn=fs2"
(fs2:636): binddn =
CN=Administrator,CN=Users,DC=directory,DC=intraisp,DC=com, passwd =
{DES}cwngvvY1zCw=
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - agmt="cn=fs2"
(fs2:636): Disconnected from the consumer
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - agmt="cn=fs2"
(fs2:636): Beginning linger on the connection
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - agmt="cn=fs2"
(fs2:636): No linger on the closed conn
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - agmt="cn=fs2"
(fs2:636): Replication session backing off for 299 seconds
the "summary" tab of the AD sync agreement on FDS says
Last update message: - LDAP error: Can't contact LDAP server: Error
Code: 81
But I can connect to port 636 on the AD server from the RDS box
without a problem.
Can you connect to port 389 on the AD server? Is it possible
you have
configured it to use port 636 but not to use SSL (or vice versa)?
Any suggestions?
Timothy
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
3:38 p.m.
>
> But I can connect to port 636 on the AD server from the RDS box
> without a problem.
Can you connect to port 389 on the AD server? Is it possible you
have configured it to use port 636 but not to use SSL (or vice versa)?
>
Yes I can, but I also know for sure that 636 is using SSL.
Timothy
3:59 p.m.
Timothy Hunt wrote:
>>
>> But I can connect to port 636 on the AD server from the RDS box
>> without a problem.
> Can you connect to port 389 on the AD server? Is it possible you
> have configured it to use port 636 but not to use SSL (or vice versa)?
>>
Yes I can, but I also know for sure that 636 is using SSL.
Did you configure the
sync agreement to use SSL and to use port 636?
Timothy
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
4:12 p.m.
Timothy Hunt wrote:
>>
>> Yes I can, but I also know for sure that 636 is using SSL.
> Did you configure the sync agreement to use SSL and to use port 636?
>>
>>
Yes.
Can you use ldapsearch from the command line? e.g.
cd /opt/fedora-ds/shared/bin
./ldapsearch -h adhostname -p 636 -D
"cn=administrator,cn=Users,dc=your,dc=domain,dc=com" -w adpassword -Z -P
/opt/fedora-ds/alias/slapd-instance-cert8.db -s base -b ""
"objectclass=*"
Timothy
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
6035
days inactive
6036
days old
389-users@lists.fedoraproject.org
7 comments
2 participants
participants (2)
-
Rich Megginson -
Timothy Hunt