[389-users] AD Sync Fails with: R00002105: LdapErr: DSID-0C0907C9, comment: Error processing control, data 0, vece.
Josh Miller
joshua at itsecureadmin.com
Wed Jul 20 02:55:28 UTC 2011
On 7/12/2011 7:33 AM, Rich Megginson wrote:
Hi Rich, thanks for the response.
> On 07/11/2011 09:31 PM, Josh Miller wrote:
>> Using:
>> - 389 DS 8.1
> 8.1???? Platform? rpm -qi 389-ds-base
Name : centos-ds-base Relocations: (not relocatable)
Version : 8.1.0 Vendor: CentOS
Release : 0.14.el5.centos.2 Build Date: Thu 14 May 2009
06:38:31 AM PDT
Install Date: Thu 03 Feb 2011 12:15:02 PM PST Build Host:
builder10.centos.org
Group : System Environment/Daemons Source RPM:
centos-ds-base-8.1.0-0.14.el5.centos.2.src.rpm
Size : 5117970 License: GPLv2 with
exceptions
Signature : DSA/SHA1, Tue 26 May 2009 03:33:09 PM PDT, Key ID
a8a447dce8562897
URL : http://www.centos.org/
Summary : CentOS Directory Server (base)
Description :
CentOS Directory Server is an LDAPv3 compliant server. The base package
includes
the LDAP server and command line utilities for server administration.
>> - AD 2003/2008
>>
>>
>> I am trying to sync from AD (one way) to 389 DS and getting the
>> following error:
>>
>> R00002105: LdapErr: DSID-0C0907C9, comment: Error processing control,
>> data 0, vece.
>>
>> A tcpdump does not appear to reveal anything in the way of errors
> Could you post an excerpt from it?
I've attached the portion of the package capture between the 3-way
hand-shake between the domain controller and when the directory server
begins sending it's entries back to the domain controller.
>> and I
>> got the above error from the packet capture.
>>
>> Any idea how to continue troubleshooting or resolve this issue?
>>
>> I can query AD via ldapsearch using the AD credential set that I have
>> configured in the sync agreement.
> 389 uses the AD DirSync Control for reading the list of changes. The
> bind DN you are using to connect to AD must have Replicator rights in
> order to use this control.
I believe this has been done already, although I have no access to the
domain to verify this other than through LDAP. I have confirmed this
with the windows admin twice now to be sure.
>> Thanks,
>
Thanks a lot,
--
Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 389-server-packet-cap.txt
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110719/e9c113ee/attachment.txt>
More information about the 389-users
mailing list