[389-users] Windows sync agreement - Received result code 34

Vesa Alho listat at alho.fi
Wed Mar 12 08:55:33 UTC 2014 

Hi,

I'm trying to get Windows AD sync working. When trying to start full 
re-syncronization, I get the errors listed below. I've tried to verify 
all settings, but haven't figured out what could cause this. It seems to 
use value (null) with DN, but why?

Other information:
389 => 1.2.11.25 (dc=example,dc=com)
AD => Windows 2012 R2 (dc=example,dc=login)
==> notice, domain names are different!

Windows sync agreement details
Windows domain: example.login
DS subtree: ou=People,dc=example,dc=com
Windows subtree: cn=People,dc=example,dc=login
Replicated subtree: dc=example,dc=com

My goal is to sync 389 users to one OU/CN under AD and groups to 
different OU/CN. I'm not sure if this even possible, but was hoping to 
achieve this by creating separate sync agreements for users and groups.

PS. thanks for excellent software and support!

-Vesa

[12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync" 
(hki-dc01:636): map_entry_dn_inbound: problem looking for username: -1

[12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync" 
(hki-dc01:636): windows_process_total_entry: Looking 
dn="uid=user1,ou=People,dc=example,dc=com" (ours)

[12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync" 
(hki-dc01:636): map_entry_dn_outbound: looking for AD entry for DS 
dn="uid=user1,ou=People,dc=example,dc=com" 
guid="c647c882ee76ab4aac2239ef81ebebb7"

[12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync" 
(hki-dc01:636): map_entry_dn_outbound: looking for AD entry for DS 
dn="uid=user1,ou=People,dc=example,dc=com" username="user1"

[12/Mar/2014:10:23:56 +0200] - Calling windows entry search request plugin

[12/Mar/2014:10:23:56 +0200] - windows_search_entry: received 1 
messages, 0 entries, 0 references

[12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync" 
(hki-dc01:636): map_entry_dn_outbound: entry not found - rc 0

[12/Mar/2014:10:23:56 +0200] - Windows sync entry: Created new remote entry:
  dn:: Y249VHVvbWFzIFN5cmrDpG5lbiwobnVsbCk=
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: user
userprincipalname: user1 at example.login
cn:: VHVvbWFzIFN5cmrDpG5lbg==
givenName: First
mail: First.Last at example.com
sAMAccountName: user1
accountExpires: 9223372036854775807
sn:: U3lyasOkbmVu
telephoneNumber:
codePage: 0

[12/Mar/2014:10:23:56 +0200] - Attempting to add entry cn=First 
Last,(null) to AD for local entry uid=user1,ou=People,dc=example,dc=com

[12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync" 
(hki-dc01:636): Received result code 34 (0000208F: NameErr: 
DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of: 
'(null)' ) for add operation

[12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync" 
(hki-dc01:636): windows_replay_update: Cannot replay add operation.

[12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync" 
(hki-dc01:636): Beginning linger on the connection

[12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync" 
(hki-dc01:636): windows_tot_run: failed to obtain data to send to the 
consumer; LDAP error - 1

More information about the 389-users mailing list