Windows Sync Agreement Help
Hi,
We are setting up a new CENTOS-DS version 8.1.0. and CENTOS 5.5 and attempt to synchronize with the existing 2003 Windows AD server. Performing* the full sync completed. There is no user created in the DS subtree. We would like to perform one way Sync:* AD ----> DS. Once it works, we will set up the password Sync from the AD to DS. AD:** cn=Users,cn=location,dc=ad,dc=domain,dc=com DS:** ou=Peoples,dc=domain,dc=com errors log: [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". Sent 0 entries. access log: 26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH base="cn=ADsync, cn=replica, cn=22dc=algonquincollege, dc=com22, cn=mapping tree, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry ))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" [26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT err=0 tag=101 nentries=1 etime=0 Thanks. Albert -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
Windows Sync Agreement Help
On 05/26/2011 08:58 AM, Albert Teh wrote:
Hi, We are setting up a new CENTOS-DS version 8.1.0. and CENTOS 5.5 and attempt to synchronize with the existing 2003 Windows AD server. Performing* the full sync completed. There is no user created in the DS subtree. We would like to perform one way Sync:* AD ----> DS. Once it works, we will set up the password Sync from the AD to DS. One way sync isn't supported with 8.1.0.* I suggest using 389-ds-base 1.2.8.3 from EPEL5 which does support one way sync.* http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync AD:** cn=Users,cn=location,dc=ad,dc=domain,dc=com DS:** ou=Peoples,dc=domain,dc=com errors log: [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". Sent 0 entries. access log: 26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH base="cn=ADsync, cn=replica, cn=22dc=algonquincollege, dc=com22, cn=mapping tree, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry ))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" [26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT err=0 tag=101 nentries=1 etime=0 Thanks. Albert -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
Windows Sync Agreement Help
Hi Rich,
I reinstalled 389-ds-base 1.2.8.3 from EPEL5 and added onewaysync set as fromWindows in the multimaster replication plugin. I still got the same result with no user created in the DS subtree. Errors log: [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=ADSync" (wodcstage-1:389)". [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=ADSync" (wodcstage-1:389)". Sent 0 entries. Access log: [27/May/2011:06:18:29 -0400] conn=1 op=114 SRCH base="cn=ADSync,cn=replica,cn=dc3Dalgonquincollege 2Cdc3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry ))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" [27/May/2011:06:18:29 -0400] conn=1 op=114 RESULT err=0 tag=101 nentries=1 etime= Thanks for your help. Albert On Thu, May 26, 2011 at 11:13 AM, Rich Megginson <rmeggins@redhat.com> wrote: On 05/26/2011 08:58 AM, Albert Teh wrote: Hi, We are setting up a new CENTOS-DS version 8.1.0. and CENTOS 5.5 and attempt to synchronize with the existing 2003 Windows AD server. Performing* the full sync completed. There is no user created in the DS subtree. We would like to perform one way Sync:* AD ----> DS. Once it works, we will set up the password Sync from the AD to DS. One way sync isn't supported with 8.1.0.* I suggest using 389-ds-base 1.2.8.3 from EPEL5 which does support one way sync.* http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync AD:** cn=Users,cn=location,dc=ad,dc=domain,dc=com DS:** ou=Peoples,dc=domain,dc=com errors log: [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". Sent 0 entries. access log: 26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH base="cn=ADsync, cn=replica, cn=22dc=algonquincollege, dc=com22, cn=mapping tree, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry ))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" [26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT err=0 tag=101 nentries=1 etime=0 Thanks. Albert -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- Albert Teh Email: Teh.Albert@Gmail.com -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
Windows Sync Agreement Help
It could have different reasons:
- do a ldapsearch -D cn=Directory Manager -b cn=config cn=ADSync and check the output so that replicabase subtrees are correct in the both worlds Any descendant container entries (ou's) need to be created separately in Directory by an administrator; Windows Sync does not create container entries. - check with ldapsearch command that the Sync User can bind on AD - check the permissions of the sync user in AD, it should be a domain administrator, also if you want to sync only from AD to DS. Regards Carsten ----- Ursprüngliche Nachricht ----- Von: Albert Teh <teh.albert@gmail.com> Datum: Freitag, 27. Mai 2011, 12:22 Betreff: Re: [389-users] Windows Sync Agreement Help An: Rich Megginson <rmeggins@redhat.com> Cc: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org> > Hi Rich, > > I reinstalled 389-ds-base 1.2.8.3 from EPEL5 and added > onewaysync set as fromWindows in the multimaster replication > plugin. I still got the same result with no user created in the > DS subtree. > > Errors log: > > > [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Beginning > total update of replica "agmt="cn=ADSync" > (wodcstage-1:389)". > [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Finished > total update of replica "agmt="cn=ADSync" > (wodcstage-1:389)". Sent 0 entries. > > > > Access log: > > [27/May/2011:06:18:29 -0400] conn=1 op=114 SRCH > base="cn=ADSync,cn=replica,cn=dc3Dalgonquincollege 2Cdc3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry ))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" > > [27/May/2011:06:18:29 -0400] conn=1 op=114 RESULT err=0 tag=101 > nentries=1 etime= > > Thanks for your help. > > Albert > > > > On Thu, May 26, 2011 at 11:13 AM, Rich Megginson <rmeggins@redhat.com> wrote: > > > > > > > > On 05/26/2011 08:58 AM, Albert Teh wrote: > Hi, > > > > We are setting up a new CENTOS-DS version 8.1.0. and CENTOS 5.5 > and attempt to synchronize with the existing 2003 Windows AD > server. > > Performing* the full sync completed. There is no user created in > the DS subtree. > > > > We would like to perform one way Sync:* AD ----> DS. Once it > works, we will set up the password Sync from the AD to DS. > > > One way sync isn't supported with 8.1.0.* I suggest using > 389-ds-base 1.2.8.3 from EPEL5 which does support one way sync.* > http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync > > > > AD:** cn=Users,cn=location,dc=ad,dc=domain,dc=com > > DS:** ou=Peoples,dc=domain,dc=com > > > > errors log: > > > > > > [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Beginning > total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". > > [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Finished > total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". Sent > 0 entries. > > > > access log: > > > > 26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH base="cn=ADsync, > cn=replica, cn=22dc=algonquincollege, dc=com22, cn=mapping tree, > cn=config" scope=0 > filter="(|(objectClass=*)(objectClass=ldapsubentry ))" > attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd > nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus > nsds5replicaUpdateInProgress nsds5replicaLastInitStart > nsds5replicaLastInitEnd nsds5replicaLastInitStatus > nsds5BeginReplicaRefresh" > > [26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT err=0 tag=101 > nentries=1 etime=0 > > > > > > Thanks. > > Albert > > > > > > > -- > 389 users mailing list > 389-users@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users > > > > > > > > -- > Albert Teh > Email: Teh.Albert@Gmail.com > > > -- > 389 users mailing list > 389-users@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
Windows Sync Agreement Help
On 05/27/2011 04:22 AM, Albert Teh wrote:
Hi Rich, I reinstalled 389-ds-base 1.2.8.3 from EPEL5 and added onewaysync set as fromWindows in the multimaster replication plugin. I still got the same result with no user created in the DS subtree. Have you read http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync Errors log: [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=ADSync" (wodcstage-1:389)". [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=ADSync" (wodcstage-1:389)". Sent 0 entries. Access log: [27/May/2011:06:18:29 -0400] conn=1 op=114 SRCH base="cn=ADSync,cn=replica,cn=dc3Dalgonquincollege 2Cdc3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry ))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" [27/May/2011:06:18:29 -0400] conn=1 op=114 RESULT err=0 tag=101 nentries=1 etime= Thanks for your help. Albert On Thu, May 26, 2011 at 11:13 AM, Rich Megginson <rmeggins@redhat.com> wrote: On 05/26/2011 08:58 AM, Albert Teh wrote: Hi, We are setting up a new CENTOS-DS version 8.1.0. and CENTOS 5.5 and attempt to synchronize with the existing 2003 Windows AD server. Performing* the full sync completed. There is no user created in the DS subtree. We would like to perform one way Sync:* AD ----> DS. Once it works, we will set up the password Sync from the AD to DS. One way sync isn't supported with 8.1.0.* I suggest using 389-ds-base 1.2.8.3 from EPEL5 which does support one way sync.* http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync AD:** cn=Users,cn=location,dc=ad,dc=domain,dc=com DS:** ou=Peoples,dc=domain,dc=com errors log: [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". Sent 0 entries. access log: 26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH base="cn=ADsync, cn=replica, cn=22dc=algonquincollege, dc=com22, cn=mapping tree, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry ))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" [26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT err=0 tag=101 nentries=1 etime=0 Thanks. Albert -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- Albert Teh Email: Teh.Albert@Gmail.com -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
Windows Sync Agreement Help
Hi Rich,
I followed the Guide and still got the same result. Checked with* the AD administrator, the AD's user: mailadm has a full privilege. Thanks. Albert * * Here is the Windows Sync Agreement info: [root@algldap slapd-algldap]# /usr/lib/mozldap/ldapsearch -w - -D cn="Directory Manager" -b cn=config cn=ADSync Enter bind password: version: 1 dn: cn=ADSync,cn=replica,cn=dc3Dalgonquincollege2Cdc3D com,cn=mapping tree,c *n=config objectClass: top objectClass: nsDSWindowsReplicationAgreement description: AD Sync Agreement cn: ADSync nsds7WindowsReplicaSubtree: cn=Users,dc=ottawa,dc=ad,dc=algonquincollege,dc=co *m nsds7DirectoryReplicaSubtree: ou=People, dc=algonquincollege,dc=com nsds7NewWinUserSyncEnabled: on nsds7NewWinGroupSyncEnabled: on nsds7WindowsDomain: ottawa.ad.algonquincollege.com nsDS5ReplicaRoot: dc=algonquincollege,dc=com nsDS5ReplicaHost: wodcstage-1.ottawa.ad.algonquincollege.com nsDS5ReplicaPort: 389 nsDS5ReplicaBindDN: cn=mailadm,cn=Users,dc=ottawa,dc=ad,dc=algonquinco llege,dc *=com nsDS5ReplicaBindMethod: SIMPLE nsDS5ReplicaCredentials: {DES}U68ooQM3C15xjJ/taDmy0A== nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20110530141648Z nsds5replicaLastUpdateEnd: 20110530141648Z nsds5replicaChangesSentSinceStartup: nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd *ate succeeded nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 20110530140648Z nsds5replicaLastInitEnd: 20110530140648Z nsds5replicaLastInitStatus: 0 Total update succeeded [root@algldap slapd-algldap]# On Fri, May 27, 2011 at 10:57 AM, Rich Megginson <rmeggins@redhat.com> wrote: On 05/27/2011 04:22 AM, Albert Teh wrote: Hi Rich, I reinstalled 389-ds-base 1.2.8.3 from EPEL5 and added onewaysync set as fromWindows in the multimaster replication plugin. I still got the same result with no user created in the DS subtree. Have you read http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync Errors log: [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=ADSync" (wodcstage-1:389)". [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=ADSync" (wodcstage-1:389)". Sent 0 entries. Access log: [27/May/2011:06:18:29 -0400] conn=1 op=114 SRCH base="cn=ADSync,cn=replica,cn=dc3Dalgonquincollege 2Cdc3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry ))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" [27/May/2011:06:18:29 -0400] conn=1 op=114 RESULT err=0 tag=101 nentries=1 etime= Thanks for your help. Albert On Thu, May 26, 2011 at 11:13 AM, Rich Megginson <rmeggins@redhat.com> wrote: On 05/26/2011 08:58 AM, Albert Teh wrote: Hi, We are setting up a new CENTOS-DS version 8.1.0. and CENTOS 5.5 and attempt to synchronize with the existing 2003 Windows AD server. Performing* the full sync completed. There is no user created in the DS subtree. We would like to perform one way Sync:* AD ----> DS. Once it works, we will set up the password Sync from the AD to DS. One way sync isn't supported with 8.1.0.* I suggest using 389-ds-base 1.2.8.3 from EPEL5 which does support one way sync.* http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync AD:** cn=Users,cn=location,dc=ad,dc=domain,dc=com DS:** ou=Peoples,dc=domain,dc=com errors log: [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". Sent 0 entries. access log: 26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH base="cn=ADsync, cn=replica, cn=22dc=algonquincollege, dc=com22, cn=mapping tree, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry ))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" [26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT err=0 tag=101 nentries=1 etime=0 Thanks. Albert -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- Albert Teh Email: Teh.Albert@Gmail.com -- Albert Teh Email: Teh.Albert@Gmail.com -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
Windows Sync Agreement Help
On 05/30/2011 08:32 AM, Albert Teh wrote:
Hi Rich, I followed the Guide and still got the same result. Checked with* the AD administrator, the AD's user: mailadm has a full privilege. /usr/bin/ldapsearch -x -w - -D cn="Directory Manager"-b "ou=People,dc=algonquincollege,dc=com" "(|(objectclass=ntuser)(objectclass=ntgroup))" How many entries match that search? Thanks. Albert * * Here is the Windows Sync Agreement info: [root@algldap slapd-algldap]# /usr/lib/mozldap/ldapsearch -w - -D cn="Directory Manager" -b cn=config cn=ADSync Enter bind password: version: 1 dn: cn=ADSync,cn=replica,cn=dc3Dalgonquincollege2Cdc3D com,cn=mapping tree,c *n=config objectClass: top objectClass: nsDSWindowsReplicationAgreement description: AD Sync Agreement cn: ADSync nsds7WindowsReplicaSubtree: cn=Users,dc=ottawa,dc=ad,dc=algonquincollege,dc=co *m nsds7DirectoryReplicaSubtree: ou=People, dc=algonquincollege,dc=com nsds7NewWinUserSyncEnabled: on nsds7NewWinGroupSyncEnabled: on nsds7WindowsDomain: ottawa.ad.algonquincollege.com nsDS5ReplicaRoot: dc=algonquincollege,dc=com nsDS5ReplicaHost: wodcstage-1.ottawa.ad.algonquincollege.com nsDS5ReplicaPort: 389 nsDS5ReplicaBindDN: cn=mailadm,cn=Users,dc=ottawa,dc=ad,dc=algonquinco llege,dc *=com nsDS5ReplicaBindMethod: SIMPLE nsDS5ReplicaCredentials: {DES}U68ooQM3C15xjJ/taDmy0A== nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20110530141648Z nsds5replicaLastUpdateEnd: 20110530141648Z nsds5replicaChangesSentSinceStartup: nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd *ate succeeded nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 20110530140648Z nsds5replicaLastInitEnd: 20110530140648Z nsds5replicaLastInitStatus: 0 Total update succeeded [root@algldap slapd-algldap]# On Fri, May 27, 2011 at 10:57 AM, Rich Megginson <rmeggins@redhat.com> wrote: On 05/27/2011 04:22 AM, Albert Teh wrote: Hi Rich, I reinstalled 389-ds-base 1.2.8.3 from EPEL5 and added onewaysync set as fromWindows in the multimaster replication plugin. I still got the same result with no user created in the DS subtree. Have you read http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync Errors log: [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=ADSync" (wodcstage-1:389)". [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=ADSync" (wodcstage-1:389)". Sent 0 entries. Access log: [27/May/2011:06:18:29 -0400] conn=1 op=114 SRCH base="cn=ADSync,cn=replica,cn=dc3Dalgonquincollege 2Cdc3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry ))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" [27/May/2011:06:18:29 -0400] conn=1 op=114 RESULT err=0 tag=101 nentries=1 etime= Thanks for your help. Albert On Thu, May 26, 2011 at 11:13 AM, Rich Megginson <rmeggins@redhat.com> wrote: On 05/26/2011 08:58 AM, Albert Teh wrote: Hi, We are setting up a new CENTOS-DS version 8.1.0. and CENTOS 5.5 and attempt to synchronize with the existing 2003 Windows AD server. Performing* the full sync completed. There is no user created in the DS subtree. We would like to perform one way Sync:* AD ----> DS. Once it works, we will set up the password Sync from the AD to DS. One way sync isn't supported with 8.1.0.* I suggest using 389-ds-base 1.2.8.3 from EPEL5 which does support one way sync.* http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync AD:** cn=Users,cn=location,dc=ad,dc=domain,dc=com DS:** ou=Peoples,dc=domain,dc=com errors log: [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". Sent 0 entries. access log: 26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH base="cn=ADsync, cn=replica, cn=22dc=algonquincollege, dc=com22, cn=mapping tree, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry ))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" [26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT err=0 tag=101 nentries=1 etime=0 Thanks. Albert -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- Albert Teh Email: Teh.Albert@Gmail.com -- Albert Teh Email: Teh.Albert@Gmail.com -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
Windows Sync Agreement Help
HI Rich,
[root@algldap ~]# /usr/lib/mozldap/ldapsearch -x -w - -D cn="Directory Manager" -b "ou=People,dc=algonquincollege,dc=com" "(|(objectclass=ntuser)(objectclass=ntgroup))" Enter bind password: [root@algldap ~]# No Entry found !!!. Thanks. Albert On Tue, May 31, 2011 at 11:42 AM, Rich Megginson <rmeggins@redhat.com> wrote: On 05/30/2011 08:32 AM, Albert Teh wrote: Hi Rich, I followed the Guide and still got the same result. Checked with* the AD administrator, the AD's user: mailadm has a full privilege. /usr/bin/ldapsearch -x -w - -D cn="Directory Manager"-b "ou=People,dc=algonquincollege,dc=com" "(|(objectclass=ntuser)(objectclass=ntgroup))" How many entries match that search? Thanks. Albert * * Here is the Windows Sync Agreement info: [root@algldap slapd-algldap]# /usr/lib/mozldap/ldapsearch -w - -D cn="Directory Manager" -b cn=config cn=ADSync Enter bind password: version: 1 dn: cn=ADSync,cn=replica,cn=dc3Dalgonquincollege2Cdc3D com,cn=mapping tree,c *n=config objectClass: top objectClass: nsDSWindowsReplicationAgreement description: AD Sync Agreement cn: ADSync nsds7WindowsReplicaSubtree: cn=Users,dc=ottawa,dc=ad,dc=algonquincollege,dc=co *m nsds7DirectoryReplicaSubtree: ou=People, dc=algonquincollege,dc=com nsds7NewWinUserSyncEnabled: on nsds7NewWinGroupSyncEnabled: on nsds7WindowsDomain: ottawa.ad.algonquincollege.com nsDS5ReplicaRoot: dc=algonquincollege,dc=com nsDS5ReplicaHost: wodcstage-1.ottawa.ad.algonquincollege.com nsDS5ReplicaPort: 389 nsDS5ReplicaBindDN: cn=mailadm,cn=Users,dc=ottawa,dc=ad,dc=algonquinco llege,dc *=com nsDS5ReplicaBindMethod: SIMPLE nsDS5ReplicaCredentials: {DES}U68ooQM3C15xjJ/taDmy0A== nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20110530141648Z nsds5replicaLastUpdateEnd: 20110530141648Z nsds5replicaChangesSentSinceStartup: nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd *ate succeeded nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 20110530140648Z nsds5replicaLastInitEnd: 20110530140648Z nsds5replicaLastInitStatus: 0 Total update succeeded [root@algldap slapd-algldap]# On Fri, May 27, 2011 at 10:57 AM, Rich Megginson <rmeggins@redhat.com> wrote: On 05/27/2011 04:22 AM, Albert Teh wrote: Hi Rich, I reinstalled 389-ds-base 1.2.8.3 from EPEL5 and added onewaysync set as fromWindows in the multimaster replication plugin. I still got the same result with no user created in the DS subtree. Have you read http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync Errors log: [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=ADSync" (wodcstage-1:389)". [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=ADSync" (wodcstage-1:389)". Sent 0 entries. Access log: [27/May/2011:06:18:29 -0400] conn=1 op=114 SRCH base="cn=ADSync,cn=replica,cn=dc3Dalgonquincollege 2Cdc3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry ))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" [27/May/2011:06:18:29 -0400] conn=1 op=114 RESULT err=0 tag=101 nentries=1 etime= Thanks for your help. Albert On Thu, May 26, 2011 at 11:13 AM, Rich Megginson <rmeggins@redhat.com> wrote: On 05/26/2011 08:58 AM, Albert Teh wrote: Hi, We are setting up a new CENTOS-DS version 8.1.0. and CENTOS 5.5 and attempt to synchronize with the existing 2003 Windows AD server. Performing* the full sync completed. There is no user created in the DS subtree. We would like to perform one way Sync:* AD ----> DS. Once it works, we will set up the password Sync from the AD to DS. One way sync isn't supported with 8.1.0.* I suggest using 389-ds-base 1.2.8.3 from EPEL5 which does support one way sync.* http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync AD:** cn=Users,cn=location,dc=ad,dc=domain,dc=com DS:** ou=Peoples,dc=domain,dc=com errors log: [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". Sent 0 entries. access log: 26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH base="cn=ADsync, cn=replica, cn=22dc=algonquincollege, dc=com22, cn=mapping tree, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry ))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" [26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT err=0 tag=101 nentries=1 etime=0 Thanks. Albert -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- Albert Teh Email: Teh.Albert@Gmail.com -- Albert Teh Email: Teh.Albert@Gmail.com -- Albert Teh Email: Teh.Albert@Gmail.com -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
Windows Sync Agreement Help
On 05/31/2011 10:30 AM, Albert Teh wrote:
HI Rich, [root@algldap ~]# /usr/lib/mozldap/ldapsearch -x -w - -D cn="Directory Manager" -b "ou=People,dc=algonquincollege,dc=com" "(|(objectclass=ntuser)(objectclass=ntgroup))" Enter bind password: [root@algldap ~]# No Entry found !!!. You have to tell directory server which entries you want to sync. See http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync Thanks. Albert On Tue, May 31, 2011 at 11:42 AM, Rich Megginson <rmeggins@redhat.com> wrote: On 05/30/2011 08:32 AM, Albert Teh wrote: Hi Rich, I followed the Guide and still got the same result. Checked with* the AD administrator, the AD's user: mailadm has a full privilege. /usr/bin/ldapsearch -x -w - -D cn="Directory Manager"-b "ou=People,dc=algonquincollege,dc=com" "(|(objectclass=ntuser)(objectclass=ntgroup))" How many entries match that search? Thanks. Albert * * Here is the Windows Sync Agreement info: [root@algldap slapd-algldap]# /usr/lib/mozldap/ldapsearch -w - -D cn="Directory Manager" -b cn=config cn=ADSync Enter bind password: version: 1 dn: cn=ADSync,cn=replica,cn=dc3Dalgonquincollege2Cdc3D com,cn=mapping tree,c *n=config objectClass: top objectClass: nsDSWindowsReplicationAgreement description: AD Sync Agreement cn: ADSync nsds7WindowsReplicaSubtree: cn=Users,dc=ottawa,dc=ad,dc=algonquincollege,dc=co *m nsds7DirectoryReplicaSubtree: ou=People, dc=algonquincollege,dc=com nsds7NewWinUserSyncEnabled: on nsds7NewWinGroupSyncEnabled: on nsds7WindowsDomain: ottawa.ad.algonquincollege.com nsDS5ReplicaRoot: dc=algonquincollege,dc=com nsDS5ReplicaHost: wodcstage-1.ottawa.ad.algonquincollege.com nsDS5ReplicaPort: 389 nsDS5ReplicaBindDN: cn=mailadm,cn=Users,dc=ottawa,dc=ad,dc=algonquinco llege,dc *=com nsDS5ReplicaBindMethod: SIMPLE nsDS5ReplicaCredentials: {DES}U68ooQM3C15xjJ/taDmy0A== nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20110530141648Z nsds5replicaLastUpdateEnd: 20110530141648Z nsds5replicaChangesSentSinceStartup: nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd *ate succeeded nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 20110530140648Z nsds5replicaLastInitEnd: 20110530140648Z nsds5replicaLastInitStatus: 0 Total update succeeded [root@algldap slapd-algldap]# On Fri, May 27, 2011 at 10:57 AM, Rich Megginson <rmeggins@redhat.com> wrote: On 05/27/2011 04:22 AM, Albert Teh wrote: Hi Rich, I reinstalled 389-ds-base 1.2.8.3 from EPEL5 and added onewaysync set as fromWindows in the multimaster replication plugin. I still got the same result with no user created in the DS subtree. Have you read http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync Errors log: [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=ADSync" (wodcstage-1:389)". [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=ADSync" (wodcstage-1:389)". Sent 0 entries. Access log: [27/May/2011:06:18:29 -0400] conn=1 op=114 SRCH base="cn=ADSync,cn=replica,cn=dc3Dalgonquincollege 2Cdc3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry ))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" [27/May/2011:06:18:29 -0400] conn=1 op=114 RESULT err=0 tag=101 nentries=1 etime= Thanks for your help. Albert On Thu, May 26, 2011 at 11:13 AM, Rich Megginson <rmeggins@redhat.com> wrote: On 05/26/2011 08:58 AM, Albert Teh wrote: Hi, We are setting up a new CENTOS-DS version 8.1.0. and CENTOS 5.5 and attempt to synchronize with the existing 2003 Windows AD server. Performing* the full sync completed. There is no user created in the DS subtree. We would like to perform one way Sync:* AD ----> DS. Once it works, we will set up the password Sync from the AD to DS. One way sync isn't supported with 8.1.0.* I suggest using 389-ds-base 1.2.8.3 from EPEL5 which does support one way sync.* http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync AD:** cn=Users,cn=location,dc=ad,dc=domain,dc=com DS:** ou=Peoples,dc=domain,dc=com errors log: [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". Sent 0 entries. access log: 26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH base="cn=ADsync, cn=replica, cn=22dc=algonquincollege, dc=com22, cn=mapping tree, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry ))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" [26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT err=0 tag=101 nentries=1 etime=0 Thanks. Albert -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- Albert Teh Email: Teh.Albert@Gmail.com -- Albert Teh Email: Teh.Albert@Gmail.com -- Albert Teh Email: Teh.Albert@Gmail.com -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
Windows Sync Agreement Help
On Tue, May 31, 2011 at 2:58 PM, Rich Megginson <rmeggins@redhat.com> wrote:
On 05/31/2011 12:49 PM, Albert Teh wrote: Hi Rich, Sorry, What I understand doing the OneWay Sync from the AD to the DS Users in the Active Directory domain are synced if it is configured in the sync agreement by selecting the Sync New Windows Users option. All of the Windows users are copied to the Directory Server when synchronization is initiated and then new users are synced over when they are created. I do not need to do any AD to DS Group Sync and I am not doing any DS sync to the AD. /usr/lib/mozldap/ldapsearch -x -h wodcstage-1.ottawa.ad.algonquincollege.com -w - -D "cn=mailadm,cn=Users,dc=ottawa,dc=ad,dc=algonquinc ollege,dc=com" -s base -b "" "objectclass=*" You should get the contents of the AD /usr/lib/mozldap/ldapsearch -x -h wodcstage-1.ottawa.ad.algonquincollege.com -w - -D "cn=mailadm,cn=Users,dc=ottawa,dc=ad,dc=algonquinc ollege,dc=com" -s sub -b "cn=Users,dc=ottawa,dc=ad,dc=algonquincollege,dc=c om" "objectclass=person" you should get the list of users Thanks. Al On Tue, May 31, 2011 at 1:40 PM, Rich Megginson <rmeggins@redhat.com> wrote: On 05/31/2011 10:30 AM, Albert Teh wrote: HI Rich, [root@algldap ~]# /usr/lib/mozldap/ldapsearch -x -w - -D cn="Directory Manager" -b "ou=People,dc=algonquincollege,dc=com" "(|(objectclass=ntuser)(objectclass=ntgroup))" Enter bind password: [root@algldap ~]# No Entry found !!!. You have to tell directory server which entries you want to sync. See http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync Thanks. Albert On Tue, May 31, 2011 at 11:42 AM, Rich Megginson <rmeggins@redhat.com> wrote: On 05/30/2011 08:32 AM, Albert Teh wrote: Hi Rich, I followed the Guide and still got the same result. Checked with* the AD administrator, the AD's user: mailadm has a full privilege. /usr/bin/ldapsearch -x -w - -D cn="Directory Manager"-b "ou=People,dc=algonquincollege,dc=com" "(|(objectclass=ntuser)(objectclass=ntgroup))" How many entries match that search? Thanks. Albert * * Here is the Windows Sync Agreement info: [root@algldap slapd-algldap]# /usr/lib/mozldap/ldapsearch -w - -D cn="Directory Manager" -b cn=config cn=ADSync Enter bind password: version: 1 dn: cn=ADSync,cn=replica,cn=dc3Dalgonquincollege2Cdc3D com,cn=mapping tree,c *n=config objectClass: top objectClass: nsDSWindowsReplicationAgreement description: AD Sync Agreement cn: ADSync nsds7WindowsReplicaSubtree: cn=Users,dc=ottawa,dc=ad,dc=algonquincollege,dc=co *m nsds7DirectoryReplicaSubtree: ou=People, dc=algonquincollege,dc=com nsds7NewWinUserSyncEnabled: on nsds7NewWinGroupSyncEnabled: on nsds7WindowsDomain: ottawa.ad.algonquincollege.com nsDS5ReplicaRoot: dc=algonquincollege,dc=com nsDS5ReplicaHost: wodcstage-1.ottawa.ad.algonquincollege.com nsDS5ReplicaPort: 389 nsDS5ReplicaBindDN: cn=mailadm,cn=Users,dc=ottawa,dc=ad,dc=algonquinco llege,dc *=com nsDS5ReplicaBindMethod: SIMPLE nsDS5ReplicaCredentials: {DES}U68ooQM3C15xjJ/taDmy0A== nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20110530141648Z nsds5replicaLastUpdateEnd: 20110530141648Z nsds5replicaChangesSentSinceStartup: nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd *ate succeeded nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 20110530140648Z nsds5replicaLastInitEnd: 20110530140648Z nsds5replicaLastInitStatus: 0 Total update succeeded [root@algldap slapd-algldap]# On Fri, May 27, 2011 at 10:57 AM, Rich Megginson <rmeggins@redhat.com> wrote: On 05/27/2011 04:22 AM, Albert Teh wrote: Hi Rich, I reinstalled 389-ds-base 1.2.8.3 from EPEL5 and added onewaysync set as fromWindows in the multimaster replication plugin. I still got the same result with no user created in the DS subtree. Have you read http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync Errors log: [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=ADSync" (wodcstage-1:389)". [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=ADSync" (wodcstage-1:389)". Sent 0 entries. Access log: [27/May/2011:06:18:29 -0400] conn=1 op=114 SRCH base="cn=ADSync,cn=replica,cn=dc3Dalgonquincollege 2Cdc3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry ))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" [27/May/2011:06:18:29 -0400] conn=1 op=114 RESULT err=0 tag=101 nentries=1 etime= Thanks for your help. Albert On Thu, May 26, 2011 at 11:13 AM, Rich Megginson <rmeggins@redhat.com> wrote: On 05/26/2011 08:58 AM, Albert Teh wrote: Hi, We are setting up a new CENTOS-DS version 8.1.0. and CENTOS 5.5 and attempt to synchronize with the existing 2003 Windows AD server. Performing* the full sync completed. There is no user created in the DS subtree. We would like to perform one way Sync:* AD ----> DS. Once it works, we will set up the password Sync from the AD to DS. One way sync isn't supported with 8.1.0.* I suggest using 389-ds-base 1.2.8.3 from EPEL5 which does support one way sync.* http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync AD:** cn=Users,cn=location,dc=ad,dc=domain,dc=com DS:** ou=Peoples,dc=domain,dc=com errors log: [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". Sent 0 entries. access log: 26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH base="cn=ADsync, cn=replica, cn=22dc=algonquincollege, dc=com22, cn=mapping tree, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry ))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" [26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT err=0 tag=101 nentries=1 etime=0 Thanks. Albert -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- Albert Teh Email: Teh.Albert@Gmail.com -- Albert Teh Email: Teh.Albert@Gmail.com -- Albert Teh Email: Teh.Albert@Gmail.com -- Albert Teh Email: Teh.Albert@Gmail.com HI Rich, These two commands worked and got the result. I have been gone through* the Windows Sync agreement setup for many times. I could not figure out what went wrong. Thanks a lot for your help again. Albert * /usr/lib/mozldap/ldapsearch -x -h wodcstage-1.ottawa.ad.algonquincollege.com -w - -D "cn=mailadm,cn=Users,dc=[root@algldap ~]# /usr/lib/mozldap/ldapsearch -x -h wodcstage-1.ottawa.ad.algonquincollege.com -w - -D "cn=mailadm,cn=Users,dc=ottawa,dc=ad,dc=algonquinc ollege,dc=com" -s base -b "" "objectclass=*"*********************************** ******* Enter bind password: version: 1 dn: currentTime: 20110601001342.0Z subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=ad,DC=a lgonquinc *ollege,DC=com dsServiceName: CN=NTDS Settings,CN=WODCSTAGE-1,CN=Servers,CN=Default-First-Sit *e-Name,CN=Sites,CN=Configuration,DC=ad,DC=algonquinc ollege,DC=com namingContexts: CN=Configuration,DC=ad,DC=algonquincollege,DC=com namingContexts: CN=Schema,CN=Configuration,DC=ad,DC=algonquincolle ge,DC=com namingContexts: DC=ottawa,DC=ad,DC=algonquincollege,DC=com defaultNamingContext: DC=ottawa,DC=ad,DC=algonquincollege,DC=com schemaNamingContext: CN=Schema,CN=Configuration,DC=ad,DC=algonquincolle ge,DC=c *om configurationNamingContext: CN=Configuration,DC=ad,DC=algonquincollege,DC=com rootDomainNamingContext: DC=ad,DC=algonquincollege,DC=com supportedControl: 1.2.840.113556.1.4.319 supportedControl: 1.2.840.113556.1.4.801 supportedControl: 1.2.840.113556.1.4.473 supportedControl: 1.2.840.113556.1.4.528 supportedControl: 1.2.840.113556.1.4.417 supportedControl: 1.2.840.113556.1.4.619 supportedControl: 1.2.840.113556.1.4.841 supportedControl: 1.2.840.113556.1.4.529 supportedControl: 1.2.840.113556.1.4.805 supportedControl: 1.2.840.113556.1.4.521 supportedControl: 1.2.840.113556.1.4.970 supportedControl: 1.2.840.113556.1.4.1338 supportedControl: 1.2.840.113556.1.4.474 supportedControl: 1.2.840.113556.1.4.1339 supportedControl: 1.2.840.113556.1.4.1340 supportedControl: 1.2.840.113556.1.4.1413 supportedControl: 2.16.840.1.113730.3.4.9 supportedControl: 2.16.840.1.113730.3.4.10 supportedControl: 1.2.840.113556.1.4.1504 supportedControl: 1.2.840.113556.1.4.1852 supportedControl: 1.2.840.113556.1.4.802 supportedControl: 1.2.840.113556.1.4.1907 supportedControl: 1.2.840.113556.1.4.1948 supportedLDAPVersion: 3 supportedLDAPVersion: 2 supportedLDAPPolicies: MaxPoolThreads supportedLDAPPolicies: MaxDatagramRecv supportedLDAPPolicies: MaxReceiveBuffer supportedLDAPPolicies: InitRecvTimeout supportedLDAPPolicies: MaxConnections supportedLDAPPolicies: MaxConnIdleTime supportedLDAPPolicies: MaxPageSize supportedLDAPPolicies: MaxQueryDuration supportedLDAPPolicies: MaxTempTableSize supportedLDAPPolicies: MaxResultSetSize supportedLDAPPolicies: MaxNotificationPerConn supportedLDAPPolicies: MaxValRange highestCommittedUSN: 3103418 supportedSASLMechanisms: GSSAPI supportedSASLMechanisms: GSS-SPNEGO supportedSASLMechanisms: EXTERNAL supportedSASLMechanisms: DIGEST-MD5 dnsHostName: WODCStage-1.ottawa.ad.algonquincollege.com ldapServiceName: ad.algonquincollege.com:wodcstage-1$@OTTAWA.AD.ALGONQUINCOLLE *GE.COM serverName: CN=WODCSTAGE-1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=C *onfiguration,DC=ad,DC=algonquincollege,DC=com supportedCapabilities: 1.2.840.113556.1.4.800 supportedCapabilities: 1.2.840.113556.1.4.1670 supportedCapabilities: 1.2.840.113556.1.4.1791 isSynchronized: TRUE isGlobalCatalogReady: TRUE domainFunctionality: 2 forestFunctionality: 2 domainControllerFunctionality: 2 [root@algldap ~]# Partial out: [root@algldap ~]# /usr/lib/mozldap/ldapsearch -x -h wodcstage-1.ottawa.ad.algonquincollege.com -w - -D "cn=mailadm,cn=Users,dc=ottawa,dc=ad,dc=algonquinc ollege,dc=com" -s sub -b "cn=Users,dc=ottawa,dc=ad,dc=algonquincollege,dc=c om" "objectclass=person" | more Enter bind password: version: 1 dn: CN=isp-transfer,CN=Users,DC=ottawa,DC=ad,DC=algonquincoll ege,DC=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: isp-transfer description: Transfer for Genesis Data to International Student Program share givenName: isp-transfer distinguishedName: CN=isp-transfer,CN=Users,DC=ottawa,DC=ad,DC=algonquincoll eg *e,DC=com instanceType: 4 whenCreated: 20040517155823.0Z whenChanged: 20081016173006.0Z displayName: isp-transfer uSNCreated: 255422 memberOf: CN=NAS_Transfer_Genesis_ISP,OU=Groups,DC=ottawa,DC =ad,DC=algonquinco *llege,DC=com uSNChanged: 255422 name: isp-transfer objectGUID:: EaeRW3KiMUac6hzEs//X/g== userAccountControl: 66048 badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogoff: 0 lastLogon: 0 pwdLastSet: 127292831041031250 primaryGroupID: 513 objectSid:: AQUAAAAAAAUVAAAArhyVdhR1dBOOfkA4DN8BAA== accountExpires: 9223372036854775807 logonCount: 0 sAMAccountName: isp-transfer sAMAccountType: 805306368 userPrincipalName: isp-transfer@algonquincollege.com lockoutTime: 0 objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ad,DC=algo nquincollege *,DC=com dSCorePropagationData: 20110131155635.0Z dSCorePropagationData: 20091227191115.0Z dSCorePropagationData: 20090127144505.0Z dSCorePropagationData: 20081201175842.0Z dSCorePropagationData: 16010714223649.0Z lastLogonTimestamp: 128686221598537375 dn: CN=heatweb,CN=Users,DC=ottawa,DC=ad,DC=algonquinco llege,DC=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: heatweb sn: heatweb description: Used to communicate between HEAT and IIS distinguishedName: CN=heatweb,CN=Users,DC=ottawa,DC=ad,DC=algonquinco llege,DC= *com instanceType: 4 whenCreated: 20050218192725.0Z whenChanged: 20081016172611.0Z displayName: heatweb uSNCreated: 89976 memberOf: CN=Heat Users,OU=Groups,DC=ottawa,DC=ad,DC=algonquincolleg e,DC=com uSNChanged: 89976 name: heatweb objectGUID:: 07KJaAgkGUapXbQN7VprrQ== userAccountControl: 66048 badPwdCount: 0 codePage: 0 countryCode: 0 -- Albert Teh Email: Teh.Albert@Gmail.com -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
| All times are GMT. The time now is 06:28 PM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.