[389-users] Replication field doubt
Rich Megginson
rmeggins at redhat.com
Thu Jul 5 20:15:10 UTC 2012
On 07/05/2012 02:12 PM, Alberto Viana wrote:
> Rich,
>
> I found a problem, seems to be a bug:
>
> When I delete the user from my AD the plugin did not update the group
> (did not test deleting first in 389 DS). So the user does not exist,
> but in 389 DS group shows me the entry.
By default changes in AD are only sync'ed back to 389 every 5 minutes.
You can change the winSyncInterval parameter in your sync agreement entry.
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Using_Windows_Sync-Modifying_the_Sync_Agreement.html#syncagmt-cmd
>
> When I create the user again,
Create the user again in AD?
> the 389 (replication plugin or whatever) delete everyone from my group
> in 389 DS.
I'm not sure I understand. What group? Can you provide more details?
What version of 389-ds-base? rpm -q 389-ds-base
>
> I'm not sure if it is a 389 DS console problem or plugin replication problem.
>
> Could not find anything related to it on bugs.
>
> Thanks
>
>
>
> On Thu, Jul 5, 2012 at 4:42 PM, Rich Megginson <rmeggins at redhat.com> wrote:
>
> On 07/05/2012 01:32 PM, Alberto Viana wrote:
>> I have a replication with a 389 DS server and my AD domain.
>> According to the documentation the field used to control the
>> replication is "NT user ID" on 389 DS and it is populated from
>> Active Directory's field "sAMAccountName".
>>
>> The fact is that "sAMAccountName" is limited to 20 characters.
>>
>>
>> My problem is that I always create my users in the Active
>> Directory first, so when I create a user longer than 20
>> characters, 389 DS creates it missing letters (of course the
>> problem is about Windows limitation and I know that), I'm just
>> trying to find out the easiest solution to my problem.
>>
>> For example, I have a user called "therezinha.figueiredo" and
>> when I create it on my AD the "sAMAccountName" is
>> "therezinha.figueired", so the replication plugin creates in the
>> 389 Server a user called "therezinha.figueired"
>>
>> I also tried to modify the user uid and keep the "NT user ID".
>> For example:
>>
>> After the replication plugin created the user called
>> "therezinha.figueired" I modified it manually to
>> "therezinha.figueiredo" and kept the "NT user ID", but something
>> strange happened with this user's groups (in the 389 DS and also in
>> the Active Directory).
>>
>>
>> Any clues? Can I use another field to populate users "NT user ID"
>> and change it on the replication plugin?
>
> It will be a manual process, but you might be able to create the
> user first in AD, then manually create the user in 389, with the
> ntUniqueID field set to the objectGUID of the AD entry. 389
> winsync uses the uid -> samAccountName for the initial mapping,
> but once that is established, it uses ntUniqueID -> objectGUID.
>
> At any rate, please file a ticket at
> https://fedorahosted.org/389
>>
>>
>> Thanks
>>
>> Alberto Viana
>>
>>
>>
>>
>
>
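
The manual mapping suggested in this thread, sketched as an added example (not code from the thread or from the 389 project): it reads objectGUID from an AD ldapsearch result and emits an LDIF for the 389 entry that keeps the full uid. Assumptions: ntUniqueId holds the lowercase hex of the 16 raw objectGUID bytes (compare with an entry winsync has already created before relying on it), and the suffix, names and sample GUID are constructed.

```python
import base64
import uuid

# Constructed sample of `ldapsearch` output for the AD entry (not real data).
SAMPLE_AD_LDIF = """\
dn: CN=Therezinha Figueiredo,CN=Users,DC=example,DC=com
sAMAccountName: therezinha.figueired
objectGUID:: ABEiM0RVZneImaq7zN3u/w==
"""

def read_ad_entry(ldif_text):
    """Return (sAMAccountName, raw 16-byte objectGUID) from one LDIF entry."""
    attrs = {}
    for line in ldif_text.splitlines():
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):  # "attr:: value" marks a base64 value
            attrs[name] = base64.b64decode(value[1:].strip())
        else:
            attrs[name] = value.strip()
    guid = attrs["objectGUID"]
    if not isinstance(guid, bytes) or len(guid) != 16:
        raise ValueError("objectGUID must be 16 raw bytes")
    return attrs["sAMAccountName"], guid

def nt_unique_id(raw_guid):
    # Assumption: ntUniqueId is the plain hex of the raw bytes, in AD's byte order.
    return raw_guid.hex()

def display_guid(raw_guid):
    # Dashed form shown by Windows tools; the first three fields are byte-swapped,
    # so stripping its dashes does NOT give the value above.
    return str(uuid.UUID(bytes_le=raw_guid))

def build_389_ldif(uid, cn, sn, ad_ldif, suffix="ou=People,dc=example,dc=com"):
    sam, guid = read_ad_entry(ad_ldif)
    if len(sam) > 20:
        raise ValueError("sAMAccountName is limited to 20 characters")
    return "\n".join([
        f"dn: uid={uid},{suffix}",  # suffix is a placeholder
        "objectClass: top", "objectClass: person",
        "objectClass: organizationalPerson", "objectClass: inetOrgPerson",
        "objectClass: ntUser",
        f"uid: {uid}", f"cn: {cn}", f"sn: {sn}",
        f"ntUserDomainId: {sam}",            # the truncated AD logon name
        f"ntUniqueId: {nt_unique_id(guid)}",  # ties the entry to the AD object
    ]) + "\n"

if __name__ == "__main__":
    print(build_389_ldif("therezinha.figueiredo", "Therezinha Figueiredo",
                         "Figueiredo", SAMPLE_AD_LDIF))
```

The resulting LDIF would be loaded with ldapadd after the AD account exists, so that later sync passes match on ntUniqueId rather than on the truncated name.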