[389-users] winsync: differences between 1.2.11.15 and 1.3

Rich Megginson rmeggins at redhat.com
Fri Jul 19 14:15:52 UTC 2013 

On 07/18/2013 11:46 PM, Juan Carlos Camargo wrote:
> Rich,
>
> Thanks for replying.
> The entry CN=XXXX is the same in both cases and inside the scope 
> (inside the windows subtree). The agreements are the same in both servers:

Ok.  Can you reproduce the problem with the Replication log level 
enabled, then post your errors log showing the problem? 
http://port389.org/wiki/FAQ#Troubleshooting

>
> v1.2.11.15
> dn: cn=ad5,cn=replica,cn=dc\3Dmetaeprinsa\2Cdc\3Dorg,cn=mapping 
> tree,cn=config
> objectClass: top
> objectClass: nsDSWindowsReplicationAgreement
> description: ad5
> cn: ad5
> nsds7WindowsReplicaSubtree: dc=epr
> nsds7DirectoryReplicaSubtree: ou=usuarios,dc=metaeprinsa,dc=org
> nsds7NewWinUserSyncEnabled: on
> nsds7NewWinGroupSyncEnabled: off
> nsds7WindowsDomain: epr
> nsDS5ReplicaRoot: dc=metaeprinsa,dc=org
> nsDS5ReplicaHost: ad5.epr
> nsDS5ReplicaPort: 389
> nsDS5ReplicaBindDN: cn=metasync,ou=usuarios de servicio,ou=grupos,dc=epr
> nsDS5ReplicaBindMethod: SIMPLE
> nsDS5ReplicaCredentials: ****
> oneWaySync: fromWindows
>
> v1.3
> dn: cn=ad5,cn=replica,cn=dc\3Dmetaeprinsa\2Cdc\3Dorg,cn=mapping 
> tree,cn=config
> objectClass: top
> objectClass: nsDSWindowsReplicationAgreement
> description: ad5
> cn: ad5
> nsds7WindowsReplicaSubtree: dc=epr
> nsds7DirectoryReplicaSubtree: ou=usuarios,dc=metaeprinsa,dc=org
> nsds7NewWinUserSyncEnabled: on
> nsds7NewWinGroupSyncEnabled: off
> nsds7WindowsDomain: epr
> nsDS5ReplicaRoot: dc=metaeprinsa,dc=org
> nsDS5ReplicaHost: ad5.epr
> nsDS5ReplicaPort: 389
> nsDS5ReplicaBindDN: cn=metasync,ou=usuarios de servicio,ou=grupos,dc=epr
> nsDS5ReplicaBindMethod: SIMPLE
> nsDS5ReplicaCredentials: ****
> oneWaySync: fromWindows
>
> ------------------------------------------------------------------------
> *De: *"Rich Megginson" <rmeggins at redhat.com>
> *Para: *"General discussion list for the 389 Directory server 
> project." <389-users at lists.fedoraproject.org>
> *CC: *"Juan Carlos Camargo" <juancarlos at eprinsa.es>
> *Enviados: *Jueves, 18 de Julio 2013 16:01:52
> *Asunto: *Re: [389-users] winsync: differences between 1.2.11.15 and 1.3
>
> On 07/18/2013 06:17 AM, Juan Carlos Camargo wrote:
>
>     Hi 389ers,
>
>     I have a lab scenario with one server running version 1.3 on
>     Fedora19. My production servers still use 1.2.11.15 and run on
>     CentOS. I've created oneway sync agreements FROM Windows2003 , in
>     both cases with the same params: windows sync user, windows host,
>     ds subtree and windows subtree. But I've noticed that in version
>     1.3 sync does not work, all users are reported to be "out of
>     scope" even when the same sAMAccountName/uid is found.
>
>     Ex:
>     v1.3
>     "
>     [18/Jul/2013:12:59:15 +0200] NSMMReplicationPlugin - agmt="cn=ad5"
>     (ad5:389): windows_process_dirsync_entry: windows inbound entry
>     CN=XXXX has the same name as local entry uid=XXXX but the windows
>     entry is out of the scope of the sync subtree [dc=DOMAIN] - if you
>     want these entries to be in sync, add the ntUser/ntGroup
>     objectclass and required attributes to the local entry, and move
>     the windows entry into scope
>     "
>
>     v1.2.11.15
>
>     [18/Jul/2013:13:31:00 +0200] NSMMReplicationPlugin - agmt="cn=ad5"
>     (ad5:389): map_entry_dn_inbound: looking for local entry matching
>     AD entry [CN=XXXX]
>     [18/Jul/2013:13:31:00 +0200] NSMMReplicationPlugin - agmt="cn=ad5"
>     (ad5:389): map_entry_dn_inbound: looking for local entry by guid
>     [155e86afca9f2141af71624d7f55a44c]
>     [18/Jul/2013:13:31:00 +0200] NSMMReplicationPlugin - agmt="cn=ad5"
>     (ad5:389): map_entry_dn_inbound: found local entry [uid=XXXX]
>
>
>     Sorry about the different timestamps, but the user under XXXX was
>     the same in both cases. So, same agreement in version 1.2.11.15
>     syncs the users (from Windows always) perfectly.  I've deleted and
>     recreated the agreements in both sides, just in case I mispelled
>     something,but still the same results. What has changed , or
>     better, where did I go wrong?
>
>
> Can you post your winsync config?
> The AD entry CN=XXXX - is it in the windows subtree or outside of it?  
> If it is outside of it, why?
>
>
>     Regards!
>
>     -- 
>
>     Juan Carlos Camargo Carrillo.
>     @jcarloscamargo
>     957-211157 , 650932877
>
>     
>
>
>     --
>     389 users mailing list
>     389-users at lists.fedoraproject.org
>     https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
>
>
> -- 
>
> Juan Carlos Camargo Carrillo.
> @jcarloscamargo
> 957-211157 , 650932877
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20130719/fe252da3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 14373 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20130719/fe252da3/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 14373 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20130719/fe252da3/attachment-0001.gif>

More information about the 389-users mailing list