On 05/30/2011 08:32 AM, Albert Teh wrote:
Hi Rich,
I followed the Guide and still got the same result. Checked with the
AD administrator, the AD's user: mailadm has a full privilege.
/usr/bin/ldapsearch -x -w - -D cn="Directory Manager"-b
"ou=People,dc=algonquincollege,dc=com"
"(|(objectclass=ntuser)(objectclass=ntgroup))"
How many entries match that search?
Thanks.
Albert
Here is the Windows Sync Agreement info:
[root@algldap slapd-algldap]# /usr/lib/mozldap/ldapsearch -w - -D
cn="Directory Manager" -b cn=config cn=ADSync
Enter bind password:
version: 1
dn:
cn=ADSync,cn=replica,cn=dc\3Dalgonquincollege\2Cdc\3Dcom,cn=mapping tree,c
n=config
objectClass: top
objectClass: nsDSWindowsReplicationAgreement
description: AD Sync Agreement
cn: ADSync
nsds7WindowsReplicaSubtree:
cn=Users,dc=ottawa,dc=ad,dc=algonquincollege,dc=co
m
nsds7DirectoryReplicaSubtree: ou=People, dc=algonquincollege,dc=com
nsds7NewWinUserSyncEnabled: on
nsds7NewWinGroupSyncEnabled: on
nsds7WindowsDomain: ottawa.ad.algonquincollege.com
<http://ottawa.ad.algonquincollege.com>
nsDS5ReplicaRoot: dc=algonquincollege,dc=com
nsDS5ReplicaHost: wodcstage-1.ottawa.ad.algonquincollege.com
<http://wodcstage-1.ottawa.ad.algonquincollege.com>
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN:
cn=mailadm,cn=Users,dc=ottawa,dc=ad,dc=algonquincollege,dc
=com
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaCredentials: {DES}U68ooQM3C15xjJ/taDmy0A==
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20110530141648Z
nsds5replicaLastUpdateEnd: 20110530141648Z
nsds5replicaChangesSentSinceStartup:
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully:
Incremental upd
ate succeeded
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 20110530140648Z
nsds5replicaLastInitEnd: 20110530140648Z
nsds5replicaLastInitStatus: 0 Total update succeeded
[root@algldap slapd-algldap]#
On Fri, May 27, 2011 at 10:57 AM, Rich Megginson <rmegg...@redhat.com
<mailto:rmegg...@redhat.com>> wrote:
On 05/27/2011 04:22 AM, Albert Teh wrote:
Hi Rich,
I reinstalled 389-ds-base 1.2.8.3 from EPEL5 and added onewaysync
set as fromWindows in the multimaster replication plugin. I still
got the same result with no user created in the DS subtree.
Have you read
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync
Errors log:
[27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Beginning
total update of replica "agmt="cn=ADSync" (wodcstage-1:389)".
[27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Finished
total update of replica "agmt="cn=ADSync" (wodcstage-1:389)".
Sent 0 entries.
Access log:
[27/May/2011:06:18:29 -0400] conn=1 op=114 SRCH
base="cn=ADSync,cn=replica,cn=dc\3Dalgonquincollege\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))"
attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus
nsds5replicaUpdateInProgress nsds5replicaLastInitStart
nsds5replicaLastInitEnd nsds5replicaLastInitStatus
nsds5BeginReplicaRefresh"
[27/May/2011:06:18:29 -0400] conn=1 op=114 RESULT err=0 tag=101
nentries=1 etime=
Thanks for your help.
Albert
On Thu, May 26, 2011 at 11:13 AM, Rich Megginson
<rmegg...@redhat.com <mailto:rmegg...@redhat.com>> wrote:
On 05/26/2011 08:58 AM, Albert Teh wrote:
Hi,
We are setting up a new CENTOS-DS version 8.1.0. and CENTOS
5.5 and attempt to synchronize with the existing 2003
Windows AD server.
Performing the full sync completed. There is no user
created in the DS subtree.
We would like to perform one way Sync: AD ----> DS. Once it
works, we will set up the password Sync from the AD to DS.
One way sync isn't supported with 8.1.0. I suggest using
389-ds-base 1.2.8.3 from EPEL5 which does support one way
sync.
http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync
AD: cn=Users,cn=location,dc=ad,dc=domain,dc=com
DS: ou=Peoples,dc=domain,dc=com
errors log:
[26/May/2011:10:20:34 -0400] NSMMReplicationPlugin -
Beginning total update of replica "agmt="cn=ADsync"
(wodcstage-1:389)".
[26/May/2011:10:20:34 -0400] NSMMReplicationPlugin -
Finished total update of replica "agmt="cn=ADsync"
(wodcstage-1:389)". Sent 0 entries.
access log:
26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH
base="cn=ADsync, cn=replica, cn=\22dc=algonquincollege,
dc=com\22, cn=mapping tree, cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))"
attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup
nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress
nsds5replicaLastInitStart nsds5replicaLastInitEnd
nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"
[26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT err=0
tag=101 nentries=1 etime=0
Thanks.
Albert
--
389 users mailing list
389-users@lists.fedoraproject.org
<mailto:389-users@lists.fedoraproject.org>
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
Albert Teh
Email: teh.alb...@gmail.com <mailto:teh.alb...@gmail.com>
--
Albert Teh
Email: teh.alb...@gmail.com
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
