On 12/03/2012 12:00 AM, Matti Alho wrote:
I don't know. Looks ok to me. I guess the next step would be to
reproduce the problem with the
http://port389.org/wiki/FAQ#Troubleshooting Replication log level
enabled, and then look in the errors log to see why the group add
operation is not being sent to AD.
Here are some relevant log entries with replication logging. Any ideas
or should I try to change log level to get more information?
Not sure. This looks as though it is attempting to replay a modify
operation made on the 389 entry cn=testgroup,ou=People,dc=domain,dc=com,
but the corresponding AD entry cn=testgroup,cn=Users,dc=domain,dc=com
does not exist. Did the full manual update create the entry
cn=testgroup,cn=Users,dc=domain,dc=com in AD? If not, why not? In your
first message you said
/Any changes to// groups on 389 side do not get synced to AD unless I do a
full manual// update triggered via console/
Can you verify that, after doing a full manual update, you have
cn=testgroup,ou=People,dc=domain,dc=com in 389 and
cn=testgroup,cn=Users,dc=domain,dc=com in AD?
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): windows_replay_update: Looking at modify operation local
dn="cn=testgroup,ou=People,dc=domain,dc=com" (ours,not user,group)
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): map_entry_dn_outbound: looking for AD entry for DS
dn="cn=testgroup,ou=People,dc=domain,dc=com" guid="(null)"
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): map_entry_dn_outbound: looking for AD entry for DS
dn="cn=testgroup,ou=People,dc=domain,dc=com" username="testgroup"
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): map_entry_dn_outbound: entry not found - rc 0
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): windows_replay_update: Processing modify operation local
dn="cn=testgroup,ou=People,dc=domain,dc=com" remote
dn="cn=testgroup,cn=Users,dc=domain,dc=com"
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): mod_already_made: AD entry not found
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): Received result code 32 (0000208D: NameErr:
DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=Users,dc=domain,dc=com' ) for modify operation
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): Consumer failed to replay change (uniqueid
b469a981-3d1411e2-9418a8cb-3212cedb, CSN 50bc4a4d000000010000): No
such object. Skipping.
[03/Dec/2012:08:44:28 +0200] agmt="cn=winsync" (adtest:636) -
clcache_load_buffer: rc=-30988
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): No more updates to send (cl5GetNextOperationToReplay)
[03/Dec/2012:08:44:28 +0200] agmt="cn=winsync" (adtest:636) - session
end: state=5 load=1 sent=1 skipped=0
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): Beginning linger on the connection
[03/Dec/2012:08:44:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): State: sending_updates -> wait_for_changes
[03/Dec/2012:08:45:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): Linger timeout has expired on the connection
[03/Dec/2012:08:45:28 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): Disconnected from the consumer
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): State: wait_for_changes -> wait_for_changes
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): State: wait_for_changes -> ready_to_acquire_replica
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): Trying secure slapi_ldap_init_ext
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): binddn = cn=replication manager,cn=Users,dc=domain,dc=com,
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): Replication bind with SIMPLE auth resumed
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): No linger to cancel on the connection
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): State: ready_to_acquire_replica -> sending_updates
[03/Dec/2012:08:48:11 +0200] - _cl5PositionCursorForReplay
(agmt="cn=winsync" (adtest:636)): Consumer RUV:
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): {replicageneration} 505ae68e000000010000
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): {replica 1 ldap://ldap1.domain.com:389}
505aedad000000010000 50bc4a4d000000010000 50bc4a4c
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): {replica 2 ldap://ldap2.domain.com:389}
[03/Dec/2012:08:48:11 +0200] - _cl5PositionCursorForReplay
(agmt="cn=winsync" (adtest:636)): Supplier RUV:
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): {replicageneration} 505ae68e000000010000
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): {replica 1 ldap://ldap1.domain.com:389}
505aedad000000010000 50bc4a4d000000010000 50bc4a4c
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): {replica 2 ldap://ldap2.domain.com:389}
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): No changes to send
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): map_entry_dn_inbound: looking for local entry matching
AD entry [CN=Administrator,CN=Users,dc=domain,dc=com]
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): map_entry_dn_inbound: looking for local entry by guid
[f9230130d24b3f43b352e77459982c77]
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): map_entry_dn_inbound: problem looking for guid: -1
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): map_entry_dn_inbound: AD entry has no username!
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): map_entry_dn_inbound: looking for local entry matching
AD entry [CN=Administrator,CN=Users,dc=domain,dc=com]
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): map_entry_dn_inbound: looking for local entry by guid
[f9230130d24b3f43b352e77459982c77]
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): map_entry_dn_inbound: problem looking for guid: -1
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): map_entry_dn_inbound: looking for local entry by uid
[Administrator]
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): map_entry_dn_inbound: problem looking for username: -1
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): Beginning linger on the connection
[03/Dec/2012:08:48:11 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): State: sending_updates -> wait_for_changes
[03/Dec/2012:08:49:12 +0200] NSMMReplicationPlugin - agmt="cn=winsync"
(adtest:636): Linger timeout has expired on the connection
-Matti
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users