On 09/17/2012 06:17 PM, Steven Jones wrote:
Hi,
The first time missed the --win-subtree settings so I wiped the admins
in the IPA admin group and users as they were not in cn=users as per
the bug. The second time as far as I can tell I specified the correct
cn via win-subtree flag but I still appear to have lost the users in
IPA.....now I expected to lose the admins but the loss of users as
well confounds me.
I did a ldapsearch as per checking and its seems to be saying the
right folder/ou/cn but IPA is empty.
Hence I was wondering if there was a log recording what the update was
doing so I could try and figure out the mistake. Ive tried greping
cant find any indication.
I will re-try with -v, verbose.
It is not clear from the manuals, but no matter what -win-subtree you
specify, winsync will search AD starting from the dc=domain suffix. So,
for example, if you have
cn=mystaff,cn=staff,dc=example,dc=com
and you specify
--win-subtree "cn=mystaff,cn=staff,dc=example,dc=com"
winsync will still search starting from dc=example,dc=com and will hit
ticket/355 if there are any users outside of
cn=mystaff,cn=staff,dc=example,dc=com that have the same username as a
user in IPA.
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
------------------------------------------------------------------------
*From:* Rich Megginson [rmegg...@redhat.com]
*Sent:* Tuesday, 18 September 2012 11:37 a.m.
*To:* Steven Jones
*Cc:* freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] winsync agreement wipes IPA users
On 09/17/2012 04:17 PM, Steven Jones wrote:
Hi,
I just tried to do a winsync agreement with specifying the AD point
as cn=VUW_Staff,dc=staff,dc=vuw,dc=vuw,dc=ac,dc=nz as my users are
not in the users folder but the VUW_Staff folder (at the same level)
and it wiped all IPA users that are also in AD.
Yes, this is what happens with https://fedorahosted.org/389/ticket/355
#355 winsync should not delete entry that appears to be out of scope
While doing the actual update does this get verbosly logged anywhere
as opposed to "update in progress" dumped to the screen? Something
went badly wrong, I just dont know what.
You are seeing something different than #355?
:/
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
