Re: [389-users] Reg ldif file import/export and ldap replication over ldaps

2011-05-27 Thread s.varadha rajan 
Hi,

Can i get any update on my below query ?

Regards,
Varad

On Tue, May 24, 2011 at 6:17 PM, s.varadha rajan rajanvara...@gmail.comwrote:

 Hi,

 We are using Ubuntu 10.04 server OS and all the web applications are
 running on that.We have already implemented fedora-ds for ldap auth.now we
 are planning to go some up-gradation.kindly let me know the following,

 1.How to migrate running fedora-ds server to another server ?

 2.i have taken all the user/group+etc in ldif format.is it enough for
 migration or any other db (/var/lib/dirsrv/slapd-instance) also need to
 bacup ? if any procedure please share with me ? how to import/export .ldif
 file

 3.in our setup,one server is in public network.so i am planning to do
 replication through ldaps, i.e local server to public server replication
 through highly secure how to ?

 Please help me on the above topics.

 Regards,
 Varad

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Re: [389-users] Windows Sync Agreement Help

2011-05-27 Thread Carsten Grzemba 
It could have different reasons:
- do a ldapsearch -D cn=Directory\ Manager -b cn=config cn=ADSync and check the 
output so that replicabase subtrees are correct in the both worlds
  Any descendant container entries (ou's) need to be created separately in 
Directory by an
  administrator; Windows Sync does not create container entries.
- check with ldapsearch command that the Sync User can bind on AD 
- check the permissions of the sync user in AD, it should be a domain 
administrator, also if you want to sync only from AD to DS.

Regards Carsten

- Ursprüngliche Nachricht -
Von: Albert Teh teh.alb...@gmail.com
Datum: Freitag, 27. Mai 2011, 12:22
Betreff: Re: [389-users] Windows Sync Agreement Help
An: Rich Megginson rmegg...@redhat.com
Cc: General discussion list for the 389 Directory server project. 
389-users@lists.fedoraproject.org

 Hi Rich,
 
 I reinstalled 389-ds-base 1.2.8.3 from EPEL5 and added 
 onewaysync set as fromWindows in the multimaster replication 
 plugin. I still got the same result with no user created in the 
 DS subtree.
 
 Errors log:
 
 
 [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Beginning 
 total update of replica agmt=cn=ADSync 
 (wodcstage-1:389).
 [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Finished 
 total update of replica agmt=cn=ADSync 
 (wodcstage-1:389). Sent 0 entries.
 
 
 
 Access log:
 
 [27/May/2011:06:18:29 -0400] conn=1 op=114 SRCH 
 base=cn=ADSync,cn=replica,cn=dc\3Dalgonquincollege\2Cdc\3Dcom,cn=mapping 
 tree,cn=config scope=0 filter=(|(objectClass=*)(objectClass=ldapsubentry)) 
 attrs=nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd 
 nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus 
 nsds5replicaUpdateInProgress nsds5replicaLastInitStart 
 nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh
 
 [27/May/2011:06:18:29 -0400] conn=1 op=114 RESULT err=0 tag=101 
 nentries=1 etime=
 
 Thanks for your help.
 
 Albert
 
 
 
 On Thu, May 26, 2011 at 11:13 AM, Rich Megginson rmegg...@redhat.com wrote:
 
 
 
  

  
  
On 05/26/2011 08:58 AM, Albert Teh wrote:
Hi,
 
  
 
  We are setting up a new CENTOS-DS version 8.1.0. and CENTOS 5.5
  and attempt to synchronize with the existing 2003 Windows AD
  server.
 
  Performing  the full sync completed. There is no user created in
  the DS subtree.
 
  
 
  We would like to perform one way Sync:  AD  DS. Once it
  works, we will set up the password Sync from the AD to DS. 
 

One way sync isn't supported with 8.1.0.  I suggest using
389-ds-base 1.2.8.3 from EPEL5 which does support one way sync. 
http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync
 

 
  AD:   cn=Users,cn=location,dc=ad,dc=domain,dc=com
 
  DS:   ou=Peoples,dc=domain,dc=com
 
  
 
  errors log:
 
  
 
  
 
  [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Beginning
  total update of replica agmt=cn=ADsync (wodcstage-1:389).
 
  [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Finished
  total update of replica agmt=cn=ADsync (wodcstage-1:389). Sent
  0 entries.
 
  
 
  access log:
 
  
 
  26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH base=cn=ADsync,
  cn=replica, cn=\22dc=algonquincollege, dc=com\22, cn=mapping tree,
  cn=config scope=0
  filter=(|(objectClass=*)(objectClass=ldapsubentry))
  attrs=nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd
  nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus
  nsds5replicaUpdateInProgress nsds5replicaLastInitStart
  nsds5replicaLastInitEnd nsds5replicaLastInitStatus
  nsds5BeginReplicaRefresh
 
  [26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT err=0 tag=101
  nentries=1 etime=0
 
  
 
  
 
  Thanks.
 
  Albert
 
  
 
  
 
  
 --
 389 users mailing list
 389-users@lists.fedoraproject.org
 https://admin.fedoraproject.org/mailman/listinfo/389-users


 
  
 
 
 
 -- 
 Albert Teh
 Email: teh.alb...@gmail.com
 
  --
 389 users mailing list
 389-users@lists.fedoraproject.org
 https://admin.fedoraproject.org/mailman/listinfo/389-users
attachment: grzemba.vcf--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users