[389-users] Windows sync stopped working

Aaron Hagopian airhead1 at gmail.com
Fri Apr 30 18:47:25 UTC 2010


Just figured it out.  I had written a script that finds people with the same
username (which is uniformly how we've done it) in both Active Directory and
389ds.  If they had the same username in both (I manually verified these
were correct matches) I added the ntUser class and set their username in
389ds.

I didn't have a problem on the initial init because I hadn't run my script yet
and only had a couple I added by hand.  I then ran my script which ended up
pulling in people that were deleted in the AD side but on a blind search
they show up from the deleted user's OU (or something like that).  Once I
figured that out I also found a couple of people that were active accounts
but were not in the subtree I had set up the windows sync for which also
caused the problem.

So I wrote a new script to remove the ntUser objectClass for people not in
the subtree I was planning on syncing and did a new initialization of the
consumer and it worked.



On Fri, Apr 30, 2010 at 1:41 PM, Rich Megginson <rmeggins at redhat.com> wrote:

> Aaron Hagopian wrote:
> > I had everything set up to sync to my domain controller and things were
> > working fine.  Recently I saw this message in the logs:
> >
> > [30/Apr/2010:11:59:10 -0500] NSMMReplicationPlugin -
> > agmt="cn=toto.hra.local" (10:636): windows_replay_update: Cannot
> > replay add operation.
> >
> > So I thought maybe I would try to remove the agreement and re-add it
> > and re-initialize.  After doing this now I get this message again along
> > with the every 5 seconds.
> >
> > [30/Apr/2010:12:01:31 -0500] NSMMReplicationPlugin -
> > agmt="cn=toto.hra.local" (10:636): Replica has no update vector. It
> > has never been initialized.
> This happens sometimes.  Not sure why, but sometimes you have to re-init
> a few times before it actually starts working.
> >
> > This is on 389-ds 1.2.5 running on x86_64 RHEL 5.4
> >
> > I think this all started when I added an ipHost entry to an OU that
> > should not even be looked at for syncing purposes.
> Does it have any user/person related or group related object classes?
> > Any ideas on how to clear this up so I can sync with windows again?
> >  I'm not using the create new users or groups, just trying to sync
> > passwords.
> >
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > --
> > 389 users mailing list
> > 389-users at lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
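The cleanup described at the top of this message, as an added example (not the poster's script): it keeps ntUser only on 389ds entries whose matching AD account sits under the synced subtree, so deleted objects and accounts in other OUs are both flagged. All DNs, names and the subtree are constructed, and it assumes the username was stored in ntUserDomainId, which has to be deleted together with the ntUser objectClass.

```python
# Added illustration; every DN, name and the subtree below is constructed.
SYNC_SUBTREE = "cn=Users,dc=example,dc=local"  # assumed Windows sync subtree

# Constructed result of a blind AD search: (DN, sAMAccountName)
AD_ENTRIES = [
    ("CN=Alice A,CN=Users,DC=example,DC=local", "alice"),
    ("CN=Bob B\\0ADEL:constructed,CN=Deleted Objects,DC=example,DC=local", "bob"),
    ("CN=Carol C,OU=Contractors,DC=example,DC=local", "carol"),
]
# Constructed 389ds entries that carry ntUser: (DN, ntUserDomainId)
DS_NTUSERS = [
    ("uid=alice,ou=People,dc=example,dc=com", "alice"),
    ("uid=bob,ou=People,dc=example,dc=com", "Bob"),
    ("uid=carol,ou=People,dc=example,dc=com", "carol"),
]

def norm_dn(dn):
    """Lowercase and trim RDNs (assumes no escaped commas in the DN)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_subtree(dn, base):
    """True when dn is the base itself or sits anywhere below it."""
    dn, base = norm_dn(dn), norm_dn(base)
    return dn == base or dn.endswith("," + base)

def syncable_names(ad_entries, base):
    """Usernames whose AD account really lives under the synced subtree."""
    return {name.lower() for dn, name in ad_entries if in_subtree(dn, base)}

def stale_ntusers(ds_entries, ad_entries, base):
    """389ds DNs marked ntUser with no matching account in the subtree."""
    ok = syncable_names(ad_entries, base)
    return [dn for dn, domain_id in ds_entries if domain_id.lower() not in ok]

def removal_ldif(dns):
    """LDIF that strips ntUser and the ntUserDomainId attribute with it."""
    return "\n".join(
        f"dn: {dn}\nchangetype: modify\n"
        "delete: objectClass\nobjectClass: ntUser\n-\n"
        "delete: ntUserDomainId\n-\n"
        for dn in dns
    )

if __name__ == "__main__":
    print(removal_ldif(stale_ntusers(DS_NTUSERS, AD_ENTRIES, SYNC_SUBTREE)))
```

The generated LDIF is meant to be reviewed and then applied with ldapmodify before the consumer is initialized again.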

