Hello Team
I have a question on sync between 389 DS and Windows Active Directory. I have followed this link https://documentation.suse.com/sles/15-SP3/html/SLES-all/cha-security-ldap.h... for Synchronizing with Microsoft Active Directory (6.11) with 389 DS. I'm able to create the repl-winsync-agmt, but while checking its status using sudo dsconf ldap1 repl-winsync-agmt init-status I'm getting the below error.
Error: [16/Sep/2022:16:25:45.129760205 +051800] - ERR - slapi_ldap_bind - Could not send bind request for id [CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com] authentication mechanism [SIMPLE]: error -1 (Can't contact LDAP server), system error -5950 (File not found.), network error 107 (Transport endpoint is not connected, host "192.168.56.106:389")
I'm able to do ldapsearch on Active directory but repl-winsync-agmt init-status command is giving the network error.
ldapsearch command: ldapsearch -x -h 192.168.56.106 -p 389 -b "CN=Users,dc=training,dc=itadmin,dc=com" -D "CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com" -w "Test@123" dn
repl-winsync-agmt create command used:
sudo dsconf -D "cn=ldap1-infra1" -w "#CEEadmin123" ldap1 repl-winsync-agmt create --suffix "dc=openstack,dc=org" --host 192.168.56.106 --port 389 --conn-protocol LDAPS --bind-dn "CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com" --bind-passwd "Test@123" --win-subtree "CN=Users,DC=training,DC=itadmin,DC=com" --ds-subtree "dc=openstack,dc=org" --one-way-sync fromWindows --sync-users=on --sync-groups=on --move-action delete --win-domain "trainingitadmin.com" adsync_agreement
Let me know what should be done to resolve this network error
On 9/19/22 3:05 AM, Darshan B wrote:
Error: [16/Sep/2022:16:25:45.129760205 +051800] - ERR - slapi_ldap_bind - Could not send bind request for id [CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com] authentication mechanism [SIMPLE]: error -1 (Can't contact LDAP server), system error -5950 (File not found.), network error 107 (Transport endpoint is not connected, host "192.168.56.106:389")
This means the replication agreement cannot connect to the AD server. Perhaps your winsync agreement is not configured correctly. Please provide the agreement entry from 389 DS.
Thanks, Mark
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Hi Darshan,
Indeed, the agmt parameters look wrong: --port 389 and --conn-protocol LDAPS should not be used together. It should be either:
--port 389 --conn-protocol StartTLS
or
--port 636 --conn-protocol LDAPS
Regards, Pierre
389-users@lists.fedoraproject.org
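
An added example, not part of the original thread or of 389 DS: a small Python check for the mismatch Pierre describes. It reads `--port` and `--conn-protocol` from a `dsconf ... repl-winsync-agmt create` command line and returns an `openssl s_client` command that probes the same transport the agreement would use. The port table assumes the standard ports named in the reply, the function names are hypothetical, and the sample is the thread's command with credentials replaced by placeholders.

```python
import shlex

# Conventional pairings from the reply above (assumption: standard ports;
# a site running TLS on other ports would adjust this table).
STANDARD_PORT = {"LDAPS": 636, "STARTTLS": 389}

def parse_long_flags(cmdline):
    """Collect --flag value and --flag=value pairs from a command line."""
    tokens, flags, i = shlex.split(cmdline), {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("--"):
            name, sep, value = tok[2:].partition("=")
            if not sep and i + 1 < len(tokens) and not tokens[i + 1].startswith("--"):
                i += 1
                value = tokens[i]
            flags[name] = value
        i += 1
    return flags

def check_transport(cmdline):
    """Return (findings, probe): mismatch messages, and an openssl command
    that exercises the same host, port and TLS mode as the agreement."""
    f = parse_long_flags(cmdline)
    host, port = f.get("host", ""), int(f.get("port", 0))
    proto = f.get("conn-protocol", "").upper()
    findings = []
    if proto not in STANDARD_PORT:
        findings.append(f"--conn-protocol {proto or '(missing)'} is not LDAPS or StartTLS")
        return findings, None
    if port != STANDARD_PORT[proto]:
        findings.append(f"{proto} on port {port}: expected port {STANDARD_PORT[proto]}")
    # LDAPS starts TLS immediately; StartTLS upgrades a plain LDAP session.
    starttls = "-starttls ldap " if proto == "STARTTLS" else ""
    return findings, f"openssl s_client {starttls}-connect {host}:{port}"

# Constructed sample: the thread's command, shortened, credentials replaced.
SAMPLE = ('sudo dsconf -D "cn=ldap1-infra1" -w "<password>" ldap1 repl-winsync-agmt create '
          '--suffix "dc=openstack,dc=org" --host 192.168.56.106 --port 389 '
          '--conn-protocol LDAPS --bind-dn "CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com" '
          '--bind-passwd "<password>" --sync-users=on adsync_agreement')

if __name__ == "__main__":
    for cmd in (SAMPLE,
                SAMPLE.replace("LDAPS", "StartTLS"),
                SAMPLE.replace("--port 389", "--port 636")):
        print(check_transport(cmd))
```

A plain `ldapsearch -x` on port 389 uses neither TLS mode, so its success does not show that the agreement's transport works; running the returned probe from the 389 DS host tests the transport itself.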