On 02/14/2011 02:09 AM, remy d1 wrote:
Hi,
Is there a timeout for Windows Sync ?
It uses the same one as regular replication
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#setting-replication-timeout-periods
Thanks
2011/2/9 Rich Megginson <rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
On 02/09/2011 06:39 AM, remy d1 wrote:
Hi Rich,
I reinstalled all my server from scratch and reimported all my
data (with cert files).
If I try to synchronize my data, I can import users from AD to
389-DS but I can't do the opposite. My 389 server replica is
always in status "in progress" with "replica acquired
successfully : incremental update started", but it can't finish
the synchronization job.
Sometimes you have to tell winsync to do a full resync a few times
before it finally works.
I could also continue to launch request to my AD server from my
389-DS server (ldapsearch...). I successfully add a user to my AD
with Apache Directory Studio (installed on my 389-DS server) with
the AD synchronizing account. So, it's not an access problem.
Moreover I added a schema on my 389-DS for my directory that is
not present on my AD. Do you think I have to add this schema to
AD or is the synchronization done only on AD required attributes ?
No. The schema that winsync uses is hard coded in 389 - you
cannot extend it or change it - it should work with AD, no changes
to AD should be required.
Or,
Is it a cert file problem on my AD ?
or ...?
Any idea would be appreciated
Regards-
2011/1/25 Rich Megginson <rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>
On 01/25/2011 01:29 AM, remy d1 wrote:
Hi Rich,
I tried to raise the log level, but when I did it, I was not
able to stop/restart my dirsrv service.
What log level did you use? What error messages did you see
when you attempted to stop/restart the service? Anything in
the errors log?
To stop it, I must kill the process and remove the pid file.
Then I could start it.
In my error logs, there is a lot of informations :
[root@KingKong ~]# tail /var/log/dirsrv/slapd-KingKong/errors
[24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin -
changelog program - cl5GetOperationCount: could not get DB
object for replica
[24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin -
changelog program - _cl5GetDBFile: no DB object found for
database
/var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b28870000ffff0000.db4
[24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin -
changelog program - cl5GetOperationCount: could not get DB
object for replica
[24/Jan/2011:16:18:40 +0100] NSMMReplicationPlugin -
changelog program - _cl5GetDBFile: no DB object found for
database
/var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b28870000ffff0000.db4
[24/Jan/2011:16:18:40 +0100] NSMMReplicationPlugin -
changelog program - cl5GetOperationCount: could not get DB
object for replica
[24/Jan/2011:16:18:41 +0100] NSMMReplicationPlugin -
changelog program - _cl5GetDBFile: no DB object found for
database
/var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b28870000ffff0000.db4
[24/Jan/2011:16:18:41 +0100] NSMMReplicationPlugin -
changelog program - cl5GetOperationCount: could not get DB
object for replica
[24/Jan/2011:16:18:42 +0100] NSMMReplicationPlugin -
changelog program - _cl5GetDBFile: no DB object found for
database
/var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b28870000ffff0000.db4
[24/Jan/2011:16:18:42 +0100] NSMMReplicationPlugin -
changelog program - cl5GetOperationCount: could not get DB
object for replica
[24/Jan/2011:16:24:18 +0100] NSMMReplicationPlugin -
changelog program - cl5ExportLDIF: failed to locate
changelog file for replica at (dc=mydomain,dc=com)
This problem is very similar to this post :
http://www.redhat.com/archives/fedora-directory-commits/2009-March/msg00005.html
Although I have the last version of 389-DS.
Are you sure this is the correct post you wanted to refer
to? Because this is a patch commit for a fix when moving the
changelog directory - did you move the changelog directory?
Because you did not mention it in your earlier post.
I think I have also some troubleshooting with my hostname
because bind is not configured. However, I have choosen to
put it my /etc/hosts file
[root@KingKong ~]# nl /etc/host.conf
1 multi on
2 order hosts,bind
hostname command reply the full "fqdn" if I choose the
option --all-fqdn, contrary to the option "--fqdn". The
reply is just my hostname without the domain. By the way, if
I say
#hostname KingKong.mydomain.com <http://KingKong.mydomain.com>
Eveything is now good for my hostname but I can not launch
my 389-console. I think the adress to connect is not ok... I
do not know if this problem is linked to the previous
problems...
So, I do #hostname KingKong
Then, I launch the console again. Now, if I try to initiate
a full synchronization, I can see (and I am still stuck on
it) the window "please wait while data is being
synchronized...", but nothing else... Data are not
synchronized and I do not see anything in my Windows event
viewer while replica agreement seems to be ok and PassSync
service is installed...
It is very difficult to change your hostname after you have
configured the admin server and console. I suggest starting
over from scratch, and first make sure your hostname is correct.
I also suggest using
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync
to configure Windows Sync.
Thanks for help,
-Regards
2011/1/21 Rich Megginson <rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>
Date:
Fri, 21 Jan 2011 10:25:56 +0100
To:
"General discussion list for the 389 Directory server
project." <389-us...@lists.fedoraproject.org>
<mailto:389-us...@lists.fedoraproject.org>
Hi Rich,
Thanks for this usefull link.
I have successfully initiate replica between Windows AD
and my server 389-DS. Ldapsearch is working. But even
if everything seems to be ok, the update does not work
and I do not see any error in the log files... So, my
AD server stay empty, the accounts are not migrate...
Here you have my access log file which is more
verbose... (mydomain.com <http://mydomain.com> for the
example) :
<snip>
Obviously I am connecting to the server 389-DS itself
whereas it can resolve the DNS name of my Windows
server... There is no error in the AD event viewer
while I could see errors on it when it was
misconfigured (like DirSync errors)... So, basically,
the Windows server is contacted to my DS-Server over 2
different networks.
Do you think I have to open the ports described in my
message ?
-Regards.
I don't know. There is no winsync information in the
access log. Note that the access log records client
accesses to the directory server, and in winsync, the
directory server itself acts as a client to AD, so
winsync will log nothing in the access log. The errors
log could be helpful, and especially using the
replication log level (which is also used for winsync
logging). The Windows Event Viewer is useless for
winsync issues.
--
389 users mailing list
389-us...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
