Hello,
Recently we've upgraded our fds servers (1.1.3) to 389 (1.2.2). Doing
so seems to have broken password sync from 389 to Active Directory. All
other attributes are passing fine and passync from AD to 389 is working.
The AD machine has not been updated since before the upgrade of 389, at
which time the sync still worked.

No error occurs in the log, but the sync takes 10 minutes before timing
out and claiming success. After turning on more logging, the error log
reports:

"AD already has the current password for <CN>. Not sending password
modify to AD."

I brought this up on IRC the other day and got a response that this is
most likely bug:
https://bugzilla.redhat.com/show_bug.cgi?id=537956

(I think thats the bug, bugzilla is down for maintenance at the time of
this email)

Today I went and re-installed a new server and put fedora-ds on by
excluding the 389* packages. I imported my directory and enabled
windows sync on this system. The password sync works fine from this new
system.

Has anyone run into a similar issue?
Is there a way to downgrade after upgrading to 389?
Could the issue have anything to do with the name of the service (i.e.
changing a config parameter that windows sync uses from fedora-ds- to
389-)?
Could this still be the same bug as listed above, or should I open a new
one?


All fds/389 systems are centos 5.4

Packages on Working sync:

fedora-ds-console-1.2.0-1.fc6
fedora-ds-base-1.2.0-2.fc6
fedora-ds-dsgw-1.1.2-1.fc6
fedora-ds-admin-1.1.7-3.fc6
fedora-ds-1.1.3-1.fc6
fedora-ds-admin-console-1.1.3-1.fc6


Packages Non-working sync:

389-ds-console-1.2.0-4.el5
389-admin-1.1.8-4.el5
389-console-1.1.3-3.el5
389-ds-console-doc-1.2.0-4.el5
389-ds-1.1.3-4.el5
389-admin-console-1.1.4-1.el5
389-admin-console-doc-1.1.4-1.el5
389-adminutil-1.1.8-3.el5
389-ds-base-1.2.2-1.el5
389-dsgw-1.1.4-1.el5







IMPORTANT:
This transmission is sent on behalf of Knouse Foods ® for business
purposes. It is for the intended recipient only. If you are not the intended
recipient or a person responsible for delivering this transmission to
the intended recipient, you may not disclose, copy or distribute this
transmission or take any action in reliance on it. If you received this
transmission in error, please notify us immediately by replying to this
Email message, and please dispose of and delete this transmission.
Thank you.

--
389 users mailing list
389-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

We just noticed this problem last week as well. I submitted bug:
https://bugzilla.redhat.com/show_bug.cgi?id=549384

Rich Megginson wrote:

Jason Solan wrote:

Hello,
Recently we've upgraded our fds servers (1.1.3) to 389 (1.2.2). Doing
so seems to have broken password sync from 389 to Active Directory. All
other attributes are passing fine and passync from AD to 389 is working.
The AD machine has not been updated since before the upgrade of 389, at
which time the sync still worked.

No error occurs in the log, but the sync takes 10 minutes before timing
out and claiming success. After turning on more logging, the error log
reports:

"AD already has the current password for <CN>. Not sending password
modify to AD."

I brought this up on IRC the other day and got a response that this is
most likely bug:
https://bugzilla.redhat.com/show_bug.cgi?id=537956

(I think thats the bug, bugzilla is down for maintenance at the time of
this email)

Today I went and re-installed a new server and put fedora-ds on by
excluding the 389* packages. I imported my directory and enabled
windows sync on this system. The password sync works fine from this new
system.

Has anyone run into a similar issue?
Is there a way to downgrade after upgrading to 389?
Could the issue have anything to do with the name of the service (i.e.
changing a config parameter that windows sync uses from fedora-ds- to
389-)?
Could this still be the same bug as listed above, or should I open a new
one?


Please open a new bug.


All fds/389 systems are centos 5.4

Packages on Working sync:

fedora-ds-console-1.2.0-1.fc6
fedora-ds-base-1.2.0-2.fc6
fedora-ds-dsgw-1.1.2-1.fc6
fedora-ds-admin-1.1.7-3.fc6
fedora-ds-1.1.3-1.fc6
fedora-ds-admin-console-1.1.3-1.fc6


Packages Non-working sync:

389-ds-console-1.2.0-4.el5
389-admin-1.1.8-4.el5
389-console-1.1.3-3.el5
389-ds-console-doc-1.2.0-4.el5
389-ds-1.1.3-4.el5
389-admin-console-1.1.4-1.el5
389-admin-console-doc-1.1.4-1.el5
389-adminutil-1.1.8-3.el5
389-ds-base-1.2.2-1.el5
389-dsgw-1.1.4-1.el5







IMPORTANT: This transmission is sent on behalf of Knouse Foods ® for
business
purposes. It is for the intended recipient only. If you are not the
intended

recipient or a person responsible for delivering this transmission to
the intended recipient, you may not disclose, copy or distribute this
transmission or take any action in reliance on it. If you received this
transmission in error, please notify us immediately by replying to this
Email message, and please dispose of and delete this transmission.
Thank you.

--
389 users mailing list
389-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users



--
389 users mailing list
389-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users


--
389 users mailing list
389-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users