It could have different reasons: - do a ldapsearch -D cn=Directory\ Manager -b cn=config cn=ADSync and check the output so that replicabase subtrees are correct in the both worlds Any descendant container entries (ou's) need to be created separately in Directory by an administrator; Windows Sync does not create container entries. - check with ldapsearch command that the Sync User can bind on AD - check the permissions of the sync user in AD, it should be a domain administrator, also if you want to sync only from AD to DS.
Regards Carsten ----- Ursprüngliche Nachricht ----- Von: Albert Teh <teh.alb...@gmail.com> Datum: Freitag, 27. Mai 2011, 12:22 Betreff: Re: [389-users] Windows Sync Agreement Help An: Rich Megginson <rmegg...@redhat.com> Cc: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org> > Hi Rich, > > I reinstalled 389-ds-base 1.2.8.3 from EPEL5 and added > onewaysync set as fromWindows in the multimaster replication > plugin. I still got the same result with no user created in the > DS subtree. > > Errors log: > > > [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Beginning > total update of replica "agmt="cn=ADSync" > (wodcstage-1:389)". > [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Finished > total update of replica "agmt="cn=ADSync" > (wodcstage-1:389)". Sent 0 entries. > > > > Access log: > > [27/May/2011:06:18:29 -0400] conn=1 op=114 SRCH > base="cn=ADSync,cn=replica,cn=dc\3Dalgonquincollege\2Cdc\3Dcom,cn=mapping > tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" > attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd > nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus > nsds5replicaUpdateInProgress nsds5replicaLastInitStart > nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" > > [27/May/2011:06:18:29 -0400] conn=1 op=114 RESULT err=0 tag=101 > nentries=1 etime= > > Thanks for your help. > > Albert > > > > On Thu, May 26, 2011 at 11:13 AM, Rich Megginson <rmegg...@redhat.com> wrote: > > > > > > > > On 05/26/2011 08:58 AM, Albert Teh wrote: > Hi, > > > > We are setting up a new CENTOS-DS version 8.1.0. and CENTOS 5.5 > and attempt to synchronize with the existing 2003 Windows AD > server. > > Performing the full sync completed. There is no user created in > the DS subtree. > > > > We would like to perform one way Sync: AD ----> DS. Once it > works, we will set up the password Sync from the AD to DS. > > > One way sync isn't supported with 8.1.0. I suggest using > 389-ds-base 1.2.8.3 from EPEL5 which does support one way sync. > http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync > > > > AD: cn=Users,cn=location,dc=ad,dc=domain,dc=com > > DS: ou=Peoples,dc=domain,dc=com > > > > errors log: > > > > > > [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Beginning > total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". > > [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Finished > total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". Sent > 0 entries. > > > > access log: > > > > 26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH base="cn=ADsync, > cn=replica, cn=\22dc=algonquincollege, dc=com\22, cn=mapping tree, > cn=config" scope=0 > filter="(|(objectClass=*)(objectClass=ldapsubentry))" > attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd > nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus > nsds5replicaUpdateInProgress nsds5replicaLastInitStart > nsds5replicaLastInitEnd nsds5replicaLastInitStatus > nsds5BeginReplicaRefresh" > > [26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT err=0 tag=101 > nentries=1 etime=0 > > > > > > Thanks. > > Albert > > > > > > > -- > 389 users mailing list > 389-users@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users > > > > > > > > -- > Albert Teh > Email: teh.alb...@gmail.com > > > -- > 389 users mailing list > 389-users@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users
<<attachment: grzemba.vcf>>
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
