Erling Ringen Elvsrud wrote:

I have just configured Windows sync (I use RHDS 8.0/RHEL 5.1). When
initiating a full re-syncronization I get these log-entries from the
Linux side:

[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin - Running Dirsync
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): State: wait_for_changes ->
wait_for_changes
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): State: wait_for_changes ->
ready_to_acquire_replica
[03/Oct/2008:13:05:40 +0200] - acquire_replica, supplier RUV:
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin - supplier:
{replicageneration} 48e5d6030000ffff0000
[03/Oct/2008:13:05:40 +0200] - acquire_replica, consumer RUV:
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin - consumer:
{replicageneration} 48e5d6030000ffff0000
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): Trying non-secure slapi_ldap_init
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): binddn = Cn=srvLinuxLDAP,
cn=users,dc=utv,dc=internsone2,dc=local, passwd =
{DES}5OZLz0E4j2onl1VNZhRT3g==
[03/Oct/2008:13:05:40 +0200] - windows_conn_connect : detected Win2k3 peer
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): No linger to cancel on the
connection
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
windows_acquire_replica returned success (101)
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): State: ready_to_acquire_replica
-> sending_updates
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): No changes to send
[03/Oct/2008:13:05:40 +0200] - Sending dirsync search request
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): Beginning linger on the
connection
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): Linger timeout has expired on the
connection
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): State: sending_updates ->
wait_for_changes
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): Disconnected from the consumer

>From the AD side I get this in the event-log:

Internal event: The LDAP server returned an error.

Additional Data
Error value:
00002105: LdapErr: DSID-0C0907C9, comment: Error processing control,
data 0, vece

Anyone familiar with these problems?

Looks like AD received an invalid LDAP message. I've seen this before
when the DirSync control is not formed correctly. But I'm not sure how
this could happen. I suggest running tcpdump or wireshark to capture
the LDAP traffic between Fedora DS and AD to see what LDAP message is
being sent.

Do you know if it is possible to log all ldap-queries sent to AD from DS? I have
enabled all possible logging, but I cannot find the query from the full re-sync
operation in the logs.

Best regards,

Erling

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users



--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

On Thu, Oct 9, 2008 at 3:20 PM, Rich Megginson <rmeggins@redhat.com> wrote:
[...]
>
> Looks like AD received an invalid LDAP message. I've seen this before when
> the DirSync control is not formed correctly. But I'm not sure how this
> could happen. I suggest running tcpdump or wireshark to capture the LDAP
> traffic between Fedora DS and AD to see what LDAP message is being sent.

Thanks for the suggestion. I will try tomorrow.


Erling

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users