[389-users] 389 <=> AD group sync
Rich Megginson
rmeggins at redhat.com
Mon Dec 3 20:20:03 UTC 2012
On 12/03/2012 12:00 AM, Matti Alho wrote:
>> I don't know. Looks ok to me. I guess the next step would be to
>> reproduce the problem with the
>> http://port389.org/wiki/FAQ#Troubleshooting Replication log level
>> enabled, and then look in the errors log to see why the group add
>> operation is not being sent to AD.
>
> Here are some relevant log entries with replication logging. Any ideas
> or should I try to change log level to get more information?
Not sure. This looks as though it is attempting to replay a modify
operation made on the 389 entry cn=testgroup,ou=People,dc=domain,dc=com,
but the corresponding AD entry cn=testgroup,cn=Users,dc=domain,dc=com
does not exist. Did the full manual update create the entry
cn=testgroup,cn=Users,dc=domain,dc=com in AD? If not, why not? In your
first message you said
> /Any changes to// groups on 389 side do not get synced to AD unless I do a full manual// update triggered via console/
Can you verify that, after doing a full manual update, you have
cn=testgroup,ou=People,dc=domain,dc=com in 389 and
cn=testgroup,cn=Users,dc=domain,dc=com in AD?
>
> [03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): windows_replay_update: Looking at modify operation local
> dn="cn=testgroup,ou=People,dc=domain,dc=com" (ours,not user,group)
>
> [03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): map_entry_dn_outbound: looking for AD entry for DS
> dn="cn=testgroup,ou=People,dc=domain,dc=com" guid="(null)"
>
> [03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): map_entry_dn_outbound: looking for AD entry for DS
> dn="cn=testgroup,ou=People,dc=domain,dc=com" username="testgroup"
>
> [03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): map_entry_dn_outbound: entry not found - rc 0
>
> [03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): windows_replay_update: Processing modify operation local
> dn="cn=testgroup,ou=People,dc=domain,dc=com" remote
> dn="cn=testgroup,cn=Users,dc=domain,dc=com"
>
> [03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): mod_already_made: AD entry not found
>
> [03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): Received result code 32 (0000208D: NameErr:
> DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
> 'CN=Users,dc=domain,dc=com' ) for modify operation
>
> [03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): Consumer failed to replay change (uniqueid
> b469a981-3d1411e2-9418a8cb-3212cedb, CSN 50bc4a4d000000010000): No
> such object. Skipping.
>
> [03/Dec/2012:08:44:28 +0200] agmt="cn=winsync" (adtest:636) -
> clcache_load_buffer: rc=-30988
>
> [03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): No more updates to send (cl5GetNextOperationToReplay)
>
> [03/Dec/2012:08:44:28 +0200] agmt="cn=winsync" (adtest:636) - session
> end: state=5 load=1 sent=1 skipped=0
>
> [03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): Beginning linger on the connection
>
> [03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): State: sending_updates -> wait_for_changes
>
> [03/Dec/2012:08:45:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): Linger timeout has expired on the connection
>
> [03/Dec/2012:08:45:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): Disconnected from the consumer
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): State: wait_for_changes -> wait_for_changes
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): State: wait_for_changes -> ready_to_acquire_replica
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): Trying secure slapi_ldap_init_ext
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): binddn = cn=replication manager,cn=Users,dc=domain,dc=com,
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): Replication bind with SIMPLE auth resumed
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): No linger to cancel on the connection
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): State: ready_to_acquire_replica -> sending_updates
>
> [03/Dec/2012:08:48:11 +0200] - _cl5PositionCursorForReplay
> (agmt="cn=winsync" (adtest:636)): Consumer RUV:
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): {replicageneration} 505ae68e000000010000
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): {replica 1 ldap://ldap1.domain.com:389}
> 505aedad000000010000 50bc4a4d000000010000 50bc4a4c
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): {replica 2 ldap://ldap2.domain.com:389}
>
> [03/Dec/2012:08:48:11 +0200] - _cl5PositionCursorForReplay
> (agmt="cn=winsync" (adtest:636)): Supplier RUV:
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): {replicageneration} 505ae68e000000010000
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): {replica 1 ldap://ldap1.domain.com:389}
> 505aedad000000010000 50bc4a4d000000010000 50bc4a4c
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): {replica 2 ldap://ldap2.domain.com:389}
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): No changes to send
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): map_entry_dn_inbound: looking for local entry matching
> AD entry [CN=Administrator,CN=Users,dc=domain,dc=com]
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): map_entry_dn_inbound: looking for local entry by guid
> [f9230130d24b3f43b352e77459982c77]
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): map_entry_dn_inbound: problem looking for guid: -1
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): map_entry_dn_inbound: AD entry has no username!
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): map_entry_dn_inbound: looking for local entry matching
> AD entry [CN=Administrator,CN=Users,dc=domain,dc=com]
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): map_entry_dn_inbound: looking for local entry by guid
> [f9230130d24b3f43b352e77459982c77]
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): map_entry_dn_inbound: problem looking for guid: -1
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): map_entry_dn_inbound: looking for local entry by uid
> [Administrator]
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): map_entry_dn_inbound: problem looking for username: -1
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): Beginning linger on the connection
>
> [03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): State: sending_updates -> wait_for_changes
>
> [03/Dec/2012:08:49:12 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
> (adtest:636): Linger timeout has expired on the connection
>
> -Matti
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20121203/54f45bc4/attachment.html>
More information about the 389-users
mailing list