[389-users] loss of group members in AD after initialization of sync
jean-Noël Chardron
Jean-Noel.Chardron at dr15.cnrs.fr
Thu Jun 11 10:38:10 UTC 2009
hello,
When I initiate a first full synchronization of DS and AD I lost members
in groups
error log shows :
[10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_inbound: looking for local entry matching
AD entry [CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr]
[10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_inbound: looking for local entry by guid
[c0e73a492ffbc04c9e85781a68f45023]
[10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1
[10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_inbound: looking for local entry by uid [SFC]
[...]
[10/Jun/2009:15:00:11 +0200] - Windows sync entry: Adding new local
entry dn: cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr
objectClass: top
objectClass: groupofuniquenames
objectClass: ntGroup
ntGroupDeleteGroup: true
cn: SFC
description: Service Financier et Comptable
uniqueMember: uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15,
dc=cnrs, dc=
fr
uniqueMember:[...]
follow 10 members
[...]
[10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - received entry from
dirsync: CN=MX,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
[10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_inbound: looking for local entry matching
AD entry [CN=MX,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr]
[10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_inbound: looking for local entry by guid
[0cdf6e627d64684cb10c70b3b8753fda]
[10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1
[10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_inbound: looking for local entry by uid [MX]
[10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_inbound: problem looking for username: -1
[10/Jun/2009:15:00:24 +0200] - Windows sync entry: Adding new local
entry dn: uid=MX,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetOrgPerson
objectClass: ntUser
ntUserDeleteAccount: true
uid: MX
sn: MX
givenName: Guillaume
cn: MX
ntUserCodePage: 0
ntUserAcctExpires: 0
ntUserDomainId: MX
mail: Guillaume.MX at dr15.cnrs.fr
ntUniqueId: 0cdf6e627d64684cb10c70b3b8753fda
[10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): windows_process_total_entry: Looking
dn="cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" (ours)
[10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS
dn="cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr"
guid="c0e73a492ffbc04c9e85781a68f45023"
[10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS
dn="cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" username="SFC"
[10/Jun/2009:15:01:34 +0200] - Calling windows entry search request plugin
[10/Jun/2009:15:01:34 +0200] - windows_search_entry: recieved 2
messages, 1 entries, 0 references
[10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_outbound: found AD entry
dn="CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr"
[10/Jun/2009:15:01:34 +0200] - Calling windows entry search request plugin
[10/Jun/2009:15:01:34 +0200] - windows_search_entry: recieved 2
messages, 1 entries, 0 references
[10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin -
windows_generate_update_mods:
CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr, description :
values are equal
[10/Jun/2009:15:01:35 +0200] - map_dn_values: no local entry found for
uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr
[10/Jun/2009:15:01:35 +0200] - map_dn_values: no local entry found for uid=
[follow 10 entries,]
[10/Jun/2009:15:01:35 +0200] - Calling windows entry search request plugin
[10/Jun/2009:15:01:35 +0200] - windows_search_entry: recieved 2
messages, 1 entries, 0 references
[10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_inbound: looking for local entry matching
AD entry [CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr]
[10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_inbound: looking for local entry by guid
[72a7171ffaa0d84a9ca4ec2d90a4ab2b]
[10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1
[10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_inbound: looking for local entry by uid
[essaibug]
[10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_inbound: problem looking for username: -1
[10/Jun/2009:15:01:35 +0200] - Calling windows entry search request plugin
[10/Jun/2009:15:01:35 +0200] - windows_search_entry: recieved 2
messages, 1 entries, 0 references
[10/Jun/2009:15:01:38 +0200] NSMMReplicationPlugin -
windows_generate_update_mods:
CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr, sAMAccountName :
values are equal
[10/Jun/2009:15:01:38 +0200] - smod - windows sync
[10/Jun/2009:15:01:38 +0200] - smod 0 - delete: member
[10/Jun/2009:15:01:38 +0200] - smod 0 - value: member:
CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
[10/Jun/2009:15:01:38 +0200] - smod 1 - delete: member
[10/Jun/2009:15:01:38 +0200] - smod 1 - value: member:
[follow the 10 entries]
[10/Jun/2009:15:01:39 +0200] NSMMReplicationPlugin -
windows_update_remote_entry: modifying entry
CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
[10/Jun/2009:15:01:39 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): Received result code 0 () for modify operation
[10/Jun/2009:15:01:55 +0200] - map_dn_values: no local entry found for
uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr
[10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - received entry from
dirsync: CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
[10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_inbound: looking for local entry matching
AD entry [CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr]
[10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_inbound: looking for local entry by guid
[72a7171ffaa0d84a9ca4ec2d90a4ab2b]
[10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1
[10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_inbound: looking for local entry by uid
[essaibug]
[10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_inbound: problem looking for username: -1
[10/Jun/2009:15:05:52 +0200] - Windows sync entry: Adding new local
entry dn: uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetOrgPerson
objectClass: ntUser
ntUserDeleteAccount: true
uid: essaibug
sn: essaibug
cn: essaibug
ntUserCodePage: 0
ntUserAcctExpires: 9223372036854775807
ntUserDomainId: essaibug
ntUniqueId: 72a7171ffaa0d84a9ca4ec2d90a4ab2b
[10/Jun/2009:15:07:13 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS
dn="uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr"
guid="72a7171ffaa0d84a9ca4ec2d90a4ab2b"
[10/Jun/2009:15:07:13 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS
dn="uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr"
username="essaibug"
[10/Jun/2009:15:07:13 +0200] - Calling windows entry search request plugin
[10/Jun/2009:15:07:13 +0200] - windows_search_entry: recieved 2
messages, 1 entries, 0 references
[10/Jun/2009:15:07:13 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos"
(zebigbos:636): map_entry_dn_outbound: found AD entry
dn="CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr"
(following the translation of google)
I suppose that during the initialization of the replication, groups have
lost members (group sfc) with the logs in order explicit removal of the
member in the group, sent by the DS to AD. The most likely explanation
and that the process is sequential but with a dispatch from AD to
DS-anarchic, with a group can be created before members in DS users.
these are leading to a later stage in a request for suppresssion AD DS
to members of the group that did not exist before the creation of the
group. This is "normal" since DS checks the consistency of information
and therefore the group members. The solution to this problem is to
create manually in the AD to add the lost members in the group or may be
to initialize sync twice in a closed time.
The administrator of the Windows server and the AD insulted me as a
result of this blunder
I asked him if he had a backup of the AD. he had not
--
Jean-Noel Chardron
More information about the 389-users
mailing list