[389-users] Windows sync agreement - Received result code 34

Mon Mar 17 07:24:16 UTC 2014

Hi,

Would anyone have tips how to debug this futher? I tried with older AD 
2008 R2 and with identical domain name. Also with various OU and CN 
combinations. Even with using admin accounts at both ends. But it still 
gives the same error code:

Attempting to add entry cn=First
Last,(null) to AD for local entry uid=user1,ou=People,dc=example,dc=com

NSMMReplicationPlugin - agmt="cn=adsync" Received result code 34 
(0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, 
best match of: '(null)' ) for add operation

It must be something simple I'm missing here...

-Vesa

On 12/03/14 10:55, Vesa Alho wrote:
> Hi,
>
> I'm trying to get Windows AD sync working. When trying to start full
> re-syncronization, I get the errors listed below. I've tried to verify
> all settings, but haven't figured out what could cause this. It seems to
> use value (null) with DN, but why?
>
> Other information:
> 389 => 1.2.11.25 (dc=example,dc=com)
> AD => Windows 2012 R2 (dc=example,dc=login)
> ==> notice, domain names are different!
>
> Windows sync agreement details
> Windows domain: example.login
> DS subtree: ou=People,dc=example,dc=com
> Windows subtree: cn=People,dc=example,dc=login
> Replicated subtree: dc=example,dc=com
>
> My goal is to sync 389 users to one OU/CN under AD and groups to
> different OU/CN. I'm not sure if this even possible, but was hoping to
> achieve this by creating separate sync agreements for users and groups.
>
> PS. thanks for excellent software and support!
>
> -Vesa
>
> [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync"
> (hki-dc01:636): map_entry_dn_inbound: problem looking for username: -1
>
> [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync"
> (hki-dc01:636): windows_process_total_entry: Looking
> dn="uid=user1,ou=People,dc=example,dc=com" (ours)
>
> [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync"
> (hki-dc01:636): map_entry_dn_outbound: looking for AD entry for DS
> dn="uid=user1,ou=People,dc=example,dc=com"
> guid="c647c882ee76ab4aac2239ef81ebebb7"
>
> [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync"
> (hki-dc01:636): map_entry_dn_outbound: looking for AD entry for DS
> dn="uid=user1,ou=People,dc=example,dc=com" username="user1"
>
> [12/Mar/2014:10:23:56 +0200] - Calling windows entry search request plugin
>
> [12/Mar/2014:10:23:56 +0200] - windows_search_entry: received 1
> messages, 0 entries, 0 references
>
> [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync"
> (hki-dc01:636): map_entry_dn_outbound: entry not found - rc 0
>
> [12/Mar/2014:10:23:56 +0200] - Windows sync entry: Created new remote
> entry:
>   dn:: Y249VHVvbWFzIFN5cmrDpG5lbiwobnVsbCk=
> objectClass: top
> objectClass: person
> objectClass: organizationalperson
> objectClass: user
> userprincipalname: user1 at example.login
> cn:: VHVvbWFzIFN5cmrDpG5lbg==
> givenName: First
> mail: First.Last at example.com
> sAMAccountName: user1
> accountExpires: 9223372036854775807
> sn:: U3lyasOkbmVu
> telephoneNumber:
> codePage: 0
>
> [12/Mar/2014:10:23:56 +0200] - Attempting to add entry cn=First
> Last,(null) to AD for local entry uid=user1,ou=People,dc=example,dc=com
>
> [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync"
> (hki-dc01:636): Received result code 34 (0000208F: NameErr:
> DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:
> '(null)' ) for add operation
>
> [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync"
> (hki-dc01:636): windows_replay_update: Cannot replay add operation.
>
> [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync"
> (hki-dc01:636): Beginning linger on the connection
>
> [12/Mar/2014:10:23:56 +0200] NSMMReplicationPlugin - agmt="cn=adsync"
> (hki-dc01:636): windows_tot_run: failed to obtain data to send to the
> consumer; LDAP error - 1