[389-users] Windows Sync

Diego Woitasen diego at woitasen.com.ar
Thu Jan 13 00:33:34 UTC 2011


On Wed, Jan 12, 2011 at 6:51 PM, Diego Woitasen <diego at woitasen.com.ar> wrote:
> On Tue, Jan 11, 2011 at 10:35 PM, Diego Woitasen <diego at woitasen.com.ar> wrote:
>> Hi,
>>  I'm configuring Windows Sync between 389 DS 1.2.7.5 and AD Windows
>> 2008. I have everything configured I think but when I start a "full
>> sync" it fails with the error:
>>
>> Total update abortedSystem error. Error Code: -1
>>
>> The error log (with debug enabled) has these lines:
>>
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - Beginning total
>> update of replica "agmt="cn=Windows Sync" (dc01:389)".
>> [11/Jan/2011:21:44:11 -0300] - Calling dirsync search request plugin
>> [11/Jan/2011:21:44:11 -0300] - Sending dirsync search request
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - received entry
>> from dirsync: DC=bs,DC=mrec,DC=ar
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - agmt="cn=Windows
>> Sync" (dc01:389): map_entry_dn_inbound: looking for local entry
>> matching AD entry [DC=bs,DC=mrec,DC=ar]
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - agmt="cn=Windows
>> Sync" (dc01:389): map_entry_dn_inbound: looking for local entry by
>> guid [d18a3aa5cf087c44aa2efe900e50f08a]
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - agmt="cn=Windows
>> Sync" (dc01:389): map_entry_dn_inbound: problem looking for guid: -1
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - agmt="cn=Windows
>> Sync" (dc01:389): map_entry_dn_inbound: AD entry has no username!
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - received entry
>> from dirsync: CN=Configuration,DC=bs,DC=mrec,DC=ar
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - agmt="cn=Windows
>> Sync" (dc01:389): map_entry_dn_inbound: looking for local entry
>> matching AD entry [CN=Configuration,DC=bs,DC=mrec,DC=ar]
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - agmt="cn=Windows
>> Sync" (dc01:389): map_entry_dn_inbound: looking for local entry by
>> guid [f1648b22298c154c8e8034a1c76c8643]
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - agmt="cn=Windows
>> Sync" (dc01:389): map_entry_dn_inbound: problem looking for guid: -1
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - agmt="cn=Windows
>> Sync" (dc01:389): map_entry_dn_inbound: AD entry has no username!
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - received entry
>> from dirsync: CN=LostAndFound,DC=bs,DC=mrec,DC=ar
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - agmt="cn=Windows
>> Sync" (dc01:389): map_entry_dn_inbound: looking for local entry
>> matching AD entry [CN=LostAndFound,DC=bs,DC=mrec,DC=ar]
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - agmt="cn=Windows
>> Sync" (dc01:389): map_entry_dn_inbound: looking for local entry by
>> guid [d8d2f55128b8e34cabd9a40bfd55c9e7]
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - agmt="cn=Windows
>> Sync" (dc01:389): map_entry_dn_inbound: problem looking for guid: -1
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - agmt="cn=Windows
>> Sync" (dc01:389): map_entry_dn_inbound: AD entry has no username!
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - received entry
>> from dirsync: CN=Deleted Objects,DC=bs,DC=mrec,DC=ar
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - agmt="cn=Windows
>> Sync" (dc01:389): windows_process_dirsync_entry: failed to map
>> tombstone dn.
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - received entry
>> from dirsync: CN=Users,DC=bs,DC=mrec,DC=ar
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - agmt="cn=Windows
>> Sync" (dc01:389): map_entry_dn_inbound: looking for local entry
>> matching AD entry [CN=Users,DC=bs,DC=mrec,DC=ar]
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - agmt="cn=Windows
>> Sync" (dc01:389): map_entry_dn_inbound: looking for local entry by
>> guid [e29cfe66f8a6bc4fb2839e757beb9d3e]
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - agmt="cn=Windows
>> Sync" (dc01:389): map_entry_dn_inbound: problem looking for guid: -1
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - agmt="cn=Windows
>> Sync" (dc01:389): map_entry_dn_inbound: AD entry has no username!
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - received entry
>> from dirsync: CN=Computers,DC=bs,DC=mrec,DC=ar
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - agmt="cn=Windows
>> Sync" (dc01:389): map_entry_dn_inbound: looking for local entry
>> matching AD entry [CN=Computers,DC=bs,DC=mrec,DC=ar]
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - agmt="cn=Windows
>> Sync" (dc01:389): map_entry_dn_inbound: looking for local entry by
>> guid [8fb08e3ecfdde94290f783402518225c]
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - agmt="cn=Windows
>> Sync" (dc01:389): map_entry_dn_inbound: problem looking for guid: -1
>> [11/Jan/2011:21:44:11 -0300] NSMMReplicationPlugin - agmt="cn=Windows
>> Sync" (dc01:389): map_entry_dn_inbound: AD entry has no username!
>>
>> Config parameters from dse.ldif:
>>
>> dn: cn=Windows Sync,cn=replica,cn=dc\3Dblabla\2Cdc\3Dar,cn=mapping tree,cn=confi
>>  g
>> objectClass: top
>> objectClass: nsDSWindowsReplicationAgreement
>> description: AD
>> cn: Windows Sync
>> nsds7WindowsReplicaSubtree: ou=People,dc=bs,dc=blabla,dc=ar
>> nsds7DirectoryReplicaSubtree: ou=People, dc=blabla,dc=ar
>> nsds7NewWinUserSyncEnabled: on
>> nsds7NewWinGroupSyncEnabled: on
>> nsds7WindowsDomain: bs.blabla.ar
>> nsDS5ReplicaRoot: dc=blabla,dc=ar
>> nsDS5ReplicaHost: dc01.bs.blabla.ar
>> nsDS5ReplicaPort: 389
>> nsDS5ReplicaBindDN: CN=sync,CN=Users,Dc=bs,DC=blabla,DC=ar
>> nsDS5ReplicaTransportInfo: TLS
>> nsDS5ReplicaBindMethod: SIMPLE
>> nsDS5ReplicaCredentials: {DES}XXXXXXXXXXXX
>>
>> Regards,
>>  Diego
>>
>>
>> --
>> Diego Woitasen
>>
>
>
> Fixed. The problem was CN. Windows sync doesn't work is CN="LastName,
> FirstName". Must be cn="FirstName LastName"  (without the comma).
>
>
>
> --
> Diego Woitasen
>


Now I have problems with groups. Only a few groups were replicated.
All groups have the required attributes.

Shall I need to create two agreements, one for groups and one for
users? Or with only one agreement works?

The users and groups are in ou=People and ou=Groups in AD and in 389 DS.

Thanks!

-- 
Diego Woitasen



More information about the 389-users mailing list