[389-users] Sync problem between AD and 389ds (freeIPA) : no posix attributes sync

Edouard Guigné guigne at lms.polytechnique.fr
Wed Nov 12 15:52:41 UTC 2014


Dear 389-users,

I am trying to get a sync working between my AD (Win 2008 R2) and FreeIPA
(Fedora 20) server.
My goal is to retrieve all my AD users in the FreeIPA database.
This is my 389 DS version:
# rpm -q 389-ds-base
389-ds-base-1.3.2.23-1.fc20.x86_64


With "ipa-replica-manage connect --winsync ...", I succeeded in copying
users from AD to FreeIPA (via the sync agreement).

I then tried to sync POSIX attributes (from my AD, which has "Subsystem
for UNIX-based Applications") into the FreeIPA server by activating
the posix winsync plugin.
I would like to extract attributes from my AD like:
- uidNumber
- gidNumber
- unixHomeDirectory
- loginShell
- msSFU30NisDomain

For this, I turned on the posix winsync plugin according to the
documentation:
http://www.port389.org/docs/389ds/design/winsync-posix.html

1. I enable the plugin this way :
ldapmodify -D "cn=directory manager" -w xxxxx
dn: cn=Posix Winsync API,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on

2. And I also added a nisDomain attribute like this:
ldapmodify -x -D "cn=directory manager" -w xxxxx
dn: dc=lmsipa,dc=polytechnique,dc=fr
changetype: modify
replace: nisDomain
nisDomain: lmsadtest

The nisDomain is the same as the msSFU30NisDomain (lmsadtest) in my AD.

3. I restarted the ipa server (ipa-ctl restart).

However, I do not succeed in syncing the posix attributes...


4. I turned on the replication logging level
and this is the log for sync of 1 user account :
...
[05/Nov/2014:10:37:28 +0100] NSMMReplicationPlugin - windows sync - 
agmt="cn=meTolmscad1test.lmsadtest.polytechnique.fr" (lmscad1test:389): 
map_entry_dn_outbound: looking for AD entry for DS 
dn="uid=guigne,cn=users,cn=accounts,dc=lmsipa,dc=polytechnique,dc=fr" 
username="guigne"
[05/Nov/2014:10:37:28 +0100] - Calling windows entry search request plugin
[05/Nov/2014:10:37:28 +0100] - windows_search_entry: received 2 
messages, 1 entries, 0 references
[05/Nov/2014:10:37:29 +0100] NSMMReplicationPlugin - windows sync - 
agmt="cn=meTolmscad1test.lmsadtest.polytechnique.fr" (lmscad1test:389): 
map_entry_dn_outbound: found AD entry dn="CN=Edouard 
Guigné,OU=lms,DC=lmsadtest,DC=polytechnique,DC=fr"
[05/Nov/2014:10:37:29 +0100] - Calling windows entry search request plugin
[05/Nov/2014:10:37:29 +0100] - windows_search_entry: received 2 
messages, 1 entries, 0 references
[05/Nov/2014:10:37:29 +0100] NSMMReplicationPlugin - windows sync - 
windows_generate_update_mods: 
uid=guigne,cn=users,cn=accounts,dc=lmsipa,dc=polytechnique,dc=fr, sn : 
values are equal
[05/Nov/2014:10:37:29 +0100] NSMMReplicationPlugin - windows sync - 
windows_generate_update_mods: 
uid=guigne,cn=users,cn=accounts,dc=lmsipa,dc=polytechnique,dc=fr, 
description : values are equal
[05/Nov/2014:10:37:29 +0100] NSMMReplicationPlugin - windows sync - 
windows_generate_update_mods: 
uid=guigne,cn=users,cn=accounts,dc=lmsipa,dc=polytechnique,dc=fr, 
givenName : values are equal
[05/Nov/2014:10:37:29 +0100] NSMMReplicationPlugin - windows sync - 
windows_generate_update_mods: 
uid=guigne,cn=users,cn=accounts,dc=lmsipa,dc=polytechnique,dc=fr, 
codePage : values not present on peer entry
[05/Nov/2014:10:37:29 +0100] NSMMReplicationPlugin - windows sync - 
windows_generate_update_mods: 
uid=guigne,cn=users,cn=accounts,dc=lmsipa,dc=polytechnique,dc=fr, 
scriptPath : values not present on peer entry
[05/Nov/2014:10:37:29 +0100] NSMMReplicationPlugin - windows sync - 
windows_generate_update_mods: 
uid=guigne,cn=users,cn=accounts,dc=lmsipa,dc=polytechnique,dc=fr, 
accountExpires : values not present on peer entry
[05/Nov/2014:10:37:29 +0100] NSMMReplicationPlugin - windows sync - 
windows_generate_update_mods: 
uid=guigne,cn=users,cn=accounts,dc=lmsipa,dc=polytechnique,dc=fr, 
sAMAccountName : values not present on peer entry
[05/Nov/2014:10:37:29 +0100] NSMMReplicationPlugin - windows sync - 
windows_generate_update_mods: 
uid=guigne,cn=users,cn=accounts,dc=lmsipa,dc=polytechnique,dc=fr, mail : 
values are equal
*[05/Nov/2014:10:37:29 +0100] posix-winsync - getNisDomainName: no 
nisdomainname found in DC=fr, LDAP Err-1*
[05/Nov/2014:10:37:29 +0100] - smod - windows sync
[05/Nov/2014:10:37:29 +0100] - smod 0 - add: codePage
[05/Nov/2014:10:37:29 +0100] - smod 0 - value: codePage: 0
[05/Nov/2014:10:37:29 +0100] - smod 1 - add: scriptPath
[05/Nov/2014:10:37:29 +0100] - smod 1 - value: scriptPath: Logon_guigne.bat
[05/Nov/2014:10:37:29 +0100] - smod 2 - add: accountExpires
[05/Nov/2014:10:37:29 +0100] - smod 2 - value: accountExpires: 
9223372036854775807
[05/Nov/2014:10:37:29 +0100] - smod 3 - add: sAMAccountName
[05/Nov/2014:10:37:29 +0100] - smod 3 - value: sAMAccountName: guigne
[05/Nov/2014:10:37:29 +0100] - smod 4 - add: msSFU30uidnumber
[05/Nov/2014:10:37:29 +0100] - smod 4 - value: msSFU30uidnumber: 12069
[05/Nov/2014:10:37:29 +0100] - smod 5 - add: msSFU30gidnumber
[05/Nov/2014:10:37:29 +0100] - smod 5 - value: msSFU30gidnumber: 4400
[05/Nov/2014:10:37:30 +0100] - smod 6 - add: msSFU30loginshell
[05/Nov/2014:10:37:30 +0100] - smod 6 - value: msSFU30loginshell: /bin/bash
[05/Nov/2014:10:37:30 +0100] NSMMReplicationPlugin - windows sync - 
windows_update_remote_entry: modifying entry CN=Edouard 
Guigné,OU=lms,DC=lmsadtest,DC=polytechnique,DC=fr
[05/Nov/2014:10:37:30 +0100] NSMMReplicationPlugin - windows sync - 
agmt="cn=meTolmscad1test.lmsadtest.polytechnique.fr" (lmscad1test:389): 
Received result code 16 (00000057: LdapErr: DSID-0C090B8A, comment: 
Error in attribute conversion operation, data 0, v1db1) for modify operation
...

So the POSIX attributes are found but not synced into the 389 database.
What does this mean:
*posix-winsync - getNisDomainName: no nisdomainname found in DC=fr, LDAP 
Err-1*

Could you help me solve the issue?

Best Regards,
Ed
