Hi,

We are setting up a new CENTOS-DS version 8.1.0. and CENTOS 5.5 and attempt to synchronize with the existing 2003 Windows AD server.
Performing* the full sync completed. There is no user created in the DS subtree.


We would like to perform one way Sync:* AD ----> DS. Once it works, we will set up the password Sync from the AD to DS.

AD:** cn=Users,cn=location,dc=ad,dc=domain,dc=com
DS:** ou=Peoples,dc=domain,dc=com


errors log:


[26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=ADsync" (wodcstage-1:389)".
[26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". Sent 0 entries.


access log:

26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH base="cn=ADsync, cn=replica, cn=22dc=algonquincollege, dc=com22, cn=mapping tree, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry ))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"

[26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT err=0 tag=101 nentries=1 etime=0


Thanks.
Albert



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

On 05/26/2011 08:58 AM, Albert Teh wrote:
Hi,



We are setting up a new CENTOS-DS version 8.1.0. and CENTOS 5.5
and attempt to synchronize with the existing 2003 Windows AD
server.

Performing* the full sync completed. There is no user created in
the DS subtree.



We would like to perform one way Sync:* AD ----> DS. Once it
works, we will set up the password Sync from the AD to DS.


One way sync isn't supported with 8.1.0.* I suggest using
389-ds-base 1.2.8.3 from EPEL5 which does support one way sync.*
http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync



AD:** cn=Users,cn=location,dc=ad,dc=domain,dc=com

DS:** ou=Peoples,dc=domain,dc=com



errors log:





[26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Beginning
total update of replica "agmt="cn=ADsync" (wodcstage-1:389)".

[26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Finished
total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". Sent
0 entries.



access log:



26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH base="cn=ADsync,
cn=replica, cn=22dc=algonquincollege, dc=com22, cn=mapping tree,
cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry ))"
attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus
nsds5replicaUpdateInProgress nsds5replicaLastInitStart
nsds5replicaLastInitEnd nsds5replicaLastInitStatus
nsds5BeginReplicaRefresh"

[26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT err=0 tag=101
nentries=1 etime=0





Thanks.

Albert







--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users





--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Hi Rich,

I reinstalled 389-ds-base 1.2.8.3 from EPEL5 and added onewaysync set as fromWindows in the multimaster replication plugin. I still got the same result with no user created in the DS subtree.

Errors log:


[27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=ADSync" (wodcstage-1:389)".
[27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=ADSync" (wodcstage-1:389)". Sent 0 entries.



Access log:

[27/May/2011:06:18:29 -0400] conn=1 op=114 SRCH base="cn=ADSync,cn=replica,cn=dc3Dalgonquincollege 2Cdc3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry ))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"

[27/May/2011:06:18:29 -0400] conn=1 op=114 RESULT err=0 tag=101 nentries=1 etime=

Thanks for your help.

Albert



On Thu, May 26, 2011 at 11:13 AM, Rich Megginson <rmeggins@redhat.com> wrote:







On 05/26/2011 08:58 AM, Albert Teh wrote:
Hi,



We are setting up a new CENTOS-DS version 8.1.0. and CENTOS 5.5
and attempt to synchronize with the existing 2003 Windows AD
server.

Performing* the full sync completed. There is no user created in
the DS subtree.



We would like to perform one way Sync:* AD ----> DS. Once it
works, we will set up the password Sync from the AD to DS.


One way sync isn't supported with 8.1.0.* I suggest using
389-ds-base 1.2.8.3 from EPEL5 which does support one way sync.*
http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync



AD:** cn=Users,cn=location,dc=ad,dc=domain,dc=com

DS:** ou=Peoples,dc=domain,dc=com



errors log:





[26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Beginning
total update of replica "agmt="cn=ADsync" (wodcstage-1:389)".

[26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Finished
total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". Sent
0 entries.



access log:



26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH base="cn=ADsync,
cn=replica, cn=22dc=algonquincollege, dc=com22, cn=mapping tree,
cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry ))"
attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus
nsds5replicaUpdateInProgress nsds5replicaLastInitStart
nsds5replicaLastInitEnd nsds5replicaLastInitStatus
nsds5BeginReplicaRefresh"

[26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT err=0 tag=101
nentries=1 etime=0





Thanks.

Albert






--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users







--
Albert Teh
Email: Teh.Albert@Gmail.com

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

It could have different reasons:
- do a ldapsearch -D cn=Directory Manager -b cn=config cn=ADSync and check the output so that replicabase subtrees are correct in the both worlds
Any descendant container entries (ou's) need to be created separately in Directory by an
administrator; Windows Sync does not create container entries.
- check with ldapsearch command that the Sync User can bind on AD
- check the permissions of the sync user in AD, it should be a domain administrator, also if you want to sync only from AD to DS.

Regards Carsten

----- Ursprüngliche Nachricht -----
Von: Albert Teh <teh.albert@gmail.com>
Datum: Freitag, 27. Mai 2011, 12:22
Betreff: Re: [389-users] Windows Sync Agreement Help
An: Rich Megginson <rmeggins@redhat.com>
Cc: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>

> Hi Rich,
>
> I reinstalled 389-ds-base 1.2.8.3 from EPEL5 and added
> onewaysync set as fromWindows in the multimaster replication
> plugin. I still got the same result with no user created in the
> DS subtree.
>
> Errors log:
>
>
> [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Beginning
> total update of replica "agmt="cn=ADSync"
> (wodcstage-1:389)".
> [27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Finished
> total update of replica "agmt="cn=ADSync"
> (wodcstage-1:389)". Sent 0 entries.
>
>
>
> Access log:
>
> [27/May/2011:06:18:29 -0400] conn=1 op=114 SRCH
> base="cn=ADSync,cn=replica,cn=dc3Dalgonquincollege 2Cdc3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry ))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"
>
> [27/May/2011:06:18:29 -0400] conn=1 op=114 RESULT err=0 tag=101
> nentries=1 etime=
>
> Thanks for your help.
>
> Albert
>
>
>
> On Thu, May 26, 2011 at 11:13 AM, Rich Megginson <rmeggins@redhat.com> wrote:
>
>
>
>
>
>
>
> On 05/26/2011 08:58 AM, Albert Teh wrote:
> Hi,
>
>
>
> We are setting up a new CENTOS-DS version 8.1.0. and CENTOS 5.5
> and attempt to synchronize with the existing 2003 Windows AD
> server.
>
> Performing* the full sync completed. There is no user created in
> the DS subtree.
>
>
>
> We would like to perform one way Sync:* AD ----> DS. Once it
> works, we will set up the password Sync from the AD to DS.
>
>
> One way sync isn't supported with 8.1.0.* I suggest using
> 389-ds-base 1.2.8.3 from EPEL5 which does support one way sync.*
> http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync
>
>
>
> AD:** cn=Users,cn=location,dc=ad,dc=domain,dc=com
>
> DS:** ou=Peoples,dc=domain,dc=com
>
>
>
> errors log:
>
>
>
>
>
> [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Beginning
> total update of replica "agmt="cn=ADsync" (wodcstage-1:389)".
>
> [26/May/2011:10:20:34 -0400] NSMMReplicationPlugin - Finished
> total update of replica "agmt="cn=ADsync" (wodcstage-1:389)". Sent
> 0 entries.
>
>
>
> access log:
>
>
>
> 26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH base="cn=ADsync,
> cn=replica, cn=22dc=algonquincollege, dc=com22, cn=mapping tree,
> cn=config" scope=0
> filter="(|(objectClass=*)(objectClass=ldapsubentry ))"
> attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd
> nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus
> nsds5replicaUpdateInProgress nsds5replicaLastInitStart
> nsds5replicaLastInitEnd nsds5replicaLastInitStatus
> nsds5BeginReplicaRefresh"
>
> [26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT err=0 tag=101
> nentries=1 etime=0
>
>
>
>
>
> Thanks.
>
> Albert
>
>
>
>
>
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
>
>
>
>
> --
> Albert Teh
> Email: Teh.Albert@Gmail.com
>
> > --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

On 05/27/2011 04:22 AM, Albert Teh wrote:
Hi Rich,



I reinstalled 389-ds-base 1.2.8.3 from EPEL5 and added onewaysync
set as fromWindows in the multimaster replication plugin. I still
got the same result with no user created in the DS subtree.


Have you read
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync



Errors log:



[27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Beginning
total update of replica "agmt="cn=ADSync" (wodcstage-1:389)".

[27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Finished
total update of replica "agmt="cn=ADSync" (wodcstage-1:389)". Sent
0 entries.





Access log:



[27/May/2011:06:18:29 -0400] conn=1 op=114 SRCH
base="cn=ADSync,cn=replica,cn=dc3Dalgonquincollege 2Cdc3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry ))"
attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus
nsds5replicaUpdateInProgress nsds5replicaLastInitStart
nsds5replicaLastInitEnd nsds5replicaLastInitStatus
nsds5BeginReplicaRefresh"

[27/May/2011:06:18:29 -0400] conn=1 op=114 RESULT err=0 tag=101
nentries=1 etime=



Thanks for your help.



Albert







On Thu, May 26, 2011 at 11:13 AM, Rich
Megginson <rmeggins@redhat.com>
wrote:



On 05/26/2011 08:58 AM, Albert Teh wrote:
Hi,



We are setting up a new CENTOS-DS version 8.1.0. and
CENTOS 5.5 and attempt to synchronize with the existing
2003 Windows AD server.

Performing* the full sync completed. There is no user
created in the DS subtree.



We would like to perform one way Sync:* AD ----> DS.
Once it works, we will set up the password Sync from the
AD to DS.



One way sync isn't supported with 8.1.0.* I suggest using
389-ds-base 1.2.8.3 from EPEL5 which does support one way
sync.* http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync




AD:** cn=Users,cn=location,dc=ad,dc=domain,dc=com

DS:** ou=Peoples,dc=domain,dc=com



errors log:





[26/May/2011:10:20:34 -0400] NSMMReplicationPlugin -
Beginning total update of replica "agmt="cn=ADsync"
(wodcstage-1:389)".

[26/May/2011:10:20:34 -0400] NSMMReplicationPlugin -
Finished total update of replica "agmt="cn=ADsync"
(wodcstage-1:389)". Sent 0 entries.



access log:



26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH
base="cn=ADsync, cn=replica, cn=22dc=algonquincollege,
dc=com22, cn=mapping tree, cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry ))"
attrs="nsds5replicaLastUpdateStart
nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup
nsds5replicaLastUpdateStatus
nsds5replicaUpdateInProgress nsds5replicaLastInitStart
nsds5replicaLastInitEnd nsds5replicaLastInitStatus
nsds5BeginReplicaRefresh"

[26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT err=0
tag=101 nentries=1 etime=0





Thanks.

Albert







--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users











--

Albert Teh

Email: Teh.Albert@Gmail.com






--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Hi Rich,

I followed the Guide and still got the same result. Checked with* the AD administrator, the AD's user: mailadm has a full privilege.

Thanks.
Albert
* *
Here is the Windows Sync Agreement info:


[root@algldap slapd-algldap]# /usr/lib/mozldap/ldapsearch -w - -D cn="Directory Manager" -b cn=config cn=ADSync
Enter bind password:
version: 1
dn: cn=ADSync,cn=replica,cn=dc3Dalgonquincollege2Cdc3D com,cn=mapping tree,c

*n=config
objectClass: top
objectClass: nsDSWindowsReplicationAgreement
description: AD Sync Agreement
cn: ADSync
nsds7WindowsReplicaSubtree: cn=Users,dc=ottawa,dc=ad,dc=algonquincollege,dc=co
*m
nsds7DirectoryReplicaSubtree: ou=People, dc=algonquincollege,dc=com

nsds7NewWinUserSyncEnabled: on
nsds7NewWinGroupSyncEnabled: on
nsds7WindowsDomain: ottawa.ad.algonquincollege.com
nsDS5ReplicaRoot: dc=algonquincollege,dc=com

nsDS5ReplicaHost: wodcstage-1.ottawa.ad.algonquincollege.com
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=mailadm,cn=Users,dc=ottawa,dc=ad,dc=algonquinco llege,dc

*=com
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaCredentials: {DES}U68ooQM3C15xjJ/taDmy0A==
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20110530141648Z
nsds5replicaLastUpdateEnd: 20110530141648Z

nsds5replicaChangesSentSinceStartup:
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
*ate succeeded
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 20110530140648Z

nsds5replicaLastInitEnd: 20110530140648Z
nsds5replicaLastInitStatus: 0 Total update succeeded
[root@algldap slapd-algldap]#



On Fri, May 27, 2011 at 10:57 AM, Rich Megginson <rmeggins@redhat.com> wrote:







On 05/27/2011 04:22 AM, Albert Teh wrote:
Hi Rich,



I reinstalled 389-ds-base 1.2.8.3 from EPEL5 and added onewaysync
set as fromWindows in the multimaster replication plugin. I still
got the same result with no user created in the DS subtree.


Have you read
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync




Errors log:



[27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Beginning
total update of replica "agmt="cn=ADSync" (wodcstage-1:389)".

[27/May/2011:06:18:26 -0400] NSMMReplicationPlugin - Finished
total update of replica "agmt="cn=ADSync" (wodcstage-1:389)". Sent
0 entries.





Access log:



[27/May/2011:06:18:29 -0400] conn=1 op=114 SRCH
base="cn=ADSync,cn=replica,cn=dc3Dalgonquincollege 2Cdc3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry ))"
attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus
nsds5replicaUpdateInProgress nsds5replicaLastInitStart
nsds5replicaLastInitEnd nsds5replicaLastInitStatus
nsds5BeginReplicaRefresh"

[27/May/2011:06:18:29 -0400] conn=1 op=114 RESULT err=0 tag=101
nentries=1 etime=



Thanks for your help.



Albert







On Thu, May 26, 2011 at 11:13 AM, Rich
Megginson <rmeggins@redhat.com>
wrote:



On 05/26/2011 08:58 AM, Albert Teh wrote:
Hi,



We are setting up a new CENTOS-DS version 8.1.0. and
CENTOS 5.5 and attempt to synchronize with the existing
2003 Windows AD server.

Performing* the full sync completed. There is no user
created in the DS subtree.



We would like to perform one way Sync:* AD ----> DS.
Once it works, we will set up the password Sync from the
AD to DS.



One way sync isn't supported with 8.1.0.* I suggest using
389-ds-base 1.2.8.3 from EPEL5 which does support one way
sync.* http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync




AD:** cn=Users,cn=location,dc=ad,dc=domain,dc=com

DS:** ou=Peoples,dc=domain,dc=com



errors log:





[26/May/2011:10:20:34 -0400] NSMMReplicationPlugin -
Beginning total update of replica "agmt="cn=ADsync"
(wodcstage-1:389)".

[26/May/2011:10:20:34 -0400] NSMMReplicationPlugin -
Finished total update of replica "agmt="cn=ADsync"
(wodcstage-1:389)". Sent 0 entries.



access log:



26/May/2011:10:20:37 -0400] conn=11 op=819 SRCH
base="cn=ADsync, cn=replica, cn=22dc=algonquincollege,
dc=com22, cn=mapping tree, cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry ))"
attrs="nsds5replicaLastUpdateStart
nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup
nsds5replicaLastUpdateStatus
nsds5replicaUpdateInProgress nsds5replicaLastInitStart
nsds5replicaLastInitEnd nsds5replicaLastInitStatus
nsds5BeginReplicaRefresh"

[26/May/2011:10:20:37 -0400] conn=11 op=819 RESULT err=0
tag=101 nentries=1 etime=0





Thanks.

Albert







--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users











--

Albert Teh

Email: Teh.Albert@Gmail.com








--
Albert Teh
Email: Teh.Albert@Gmail.com

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

On 05/30/2011 08:32 AM, Albert Teh wrote:
Hi Rich,



I followed the Guide and still got the same result. Checked with*
the AD administrator, the AD's user: mailadm has a full privilege.


/usr/bin/ldapsearch -x -w - -D cn="Directory Manager"-b
"ou=People,dc=algonquincollege,dc=com"
"(|(objectclass=ntuser)(objectclass=ntgroup))"



How many entries match that search?



Thanks.

Albert

* *

Here is the Windows Sync Agreement info:



[root@algldap slapd-algldap]# /usr/lib/mozldap/ldapsearch -w - -D
cn="Directory Manager" -b cn=config cn=ADSync

Enter bind password:

version: 1

dn:
cn=ADSync,cn=replica,cn=dc3Dalgonquincollege2Cdc3D com,cn=mapping
tree,c

*n=config

objectClass: top

objectClass: nsDSWindowsReplicationAgreement

description: AD Sync Agreement

cn: ADSync

nsds7WindowsReplicaSubtree:
cn=Users,dc=ottawa,dc=ad,dc=algonquincollege,dc=co

*m

nsds7DirectoryReplicaSubtree: ou=People,
dc=algonquincollege,dc=com

nsds7NewWinUserSyncEnabled: on

nsds7NewWinGroupSyncEnabled: on

nsds7WindowsDomain: ottawa.ad.algonquincollege.com

nsDS5ReplicaRoot: dc=algonquincollege,dc=com

nsDS5ReplicaHost: wodcstage-1.ottawa.ad.algonquincollege.com

nsDS5ReplicaPort: 389

nsDS5ReplicaBindDN:
cn=mailadm,cn=Users,dc=ottawa,dc=ad,dc=algonquinco llege,dc

*=com

nsDS5ReplicaBindMethod: SIMPLE

nsDS5ReplicaCredentials: {DES}U68ooQM3C15xjJ/taDmy0A==

nsds5replicareapactive: 0

nsds5replicaLastUpdateStart: 20110530141648Z

nsds5replicaLastUpdateEnd: 20110530141648Z

nsds5replicaChangesSentSinceStartup:

nsds5replicaLastUpdateStatus: 0 Replica acquired successfully:
Incremental upd

*ate succeeded

nsds5replicaUpdateInProgress: FALSE

nsds5replicaLastInitStart: 20110530140648Z

nsds5replicaLastInitEnd: 20110530140648Z

nsds5replicaLastInitStatus: 0 Total update succeeded

[root@algldap slapd-algldap]#







On Fri, May 27, 2011 at 10:57 AM, Rich
Megginson <rmeggins@redhat.com>
wrote:



On 05/27/2011 04:22 AM, Albert Teh wrote:
Hi Rich,



I reinstalled 389-ds-base 1.2.8.3 from EPEL5 and added
onewaysync set as fromWindows in the multimaster
replication plugin. I still got the same result with no
user created in the DS subtree.



Have you read
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync





Errors log:



[27/May/2011:06:18:26 -0400] NSMMReplicationPlugin -
Beginning total update of replica "agmt="cn=ADSync"
(wodcstage-1:389)".

[27/May/2011:06:18:26 -0400] NSMMReplicationPlugin -
Finished total update of replica "agmt="cn=ADSync"
(wodcstage-1:389)". Sent 0 entries.





Access log:



[27/May/2011:06:18:29 -0400] conn=1 op=114 SRCH
base="cn=ADSync,cn=replica,cn=dc3Dalgonquincollege 2Cdc3Dcom,cn=mapping

tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry ))"
attrs="nsds5replicaLastUpdateStart
nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup
nsds5replicaLastUpdateStatus
nsds5replicaUpdateInProgress nsds5replicaLastInitStart
nsds5replicaLastInitEnd nsds5replicaLastInitStatus
nsds5BeginReplicaRefresh"

[27/May/2011:06:18:29 -0400] conn=1 op=114 RESULT
err=0 tag=101 nentries=1 etime=



Thanks for your help.



Albert







On Thu, May 26, 2011 at 11:13
AM, Rich Megginson <rmeggins@redhat.com>
wrote:



On 05/26/2011 08:58 AM, Albert Teh wrote:
Hi,



We are setting up a new CENTOS-DS version
8.1.0. and CENTOS 5.5 and attempt to
synchronize with the existing 2003 Windows
AD server.

Performing* the full sync completed. There
is no user created in the DS subtree.



We would like to perform one way Sync:* AD
----> DS. Once it works, we will set up
the password Sync from the AD to DS.



One way sync isn't supported with 8.1.0.* I
suggest using 389-ds-base 1.2.8.3 from EPEL5
which does support one way sync.* http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync




AD:**
cn=Users,cn=location,dc=ad,dc=domain,dc=com

DS:** ou=Peoples,dc=domain,dc=com



errors log:





[26/May/2011:10:20:34 -0400]
NSMMReplicationPlugin - Beginning total
update of replica "agmt="cn=ADsync"
(wodcstage-1:389)".

[26/May/2011:10:20:34 -0400]
NSMMReplicationPlugin - Finished total
update of replica "agmt="cn=ADsync"
(wodcstage-1:389)". Sent 0 entries.



access log:



26/May/2011:10:20:37 -0400] conn=11 op=819
SRCH base="cn=ADsync, cn=replica,
cn=22dc=algonquincollege, dc=com22,
cn=mapping tree, cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry ))"
attrs="nsds5replicaLastUpdateStart
nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup
nsds5replicaLastUpdateStatus
nsds5replicaUpdateInProgress
nsds5replicaLastInitStart
nsds5replicaLastInitEnd
nsds5replicaLastInitStatus
nsds5BeginReplicaRefresh"

[26/May/2011:10:20:37 -0400] conn=11 op=819
RESULT err=0 tag=101 nentries=1 etime=0





Thanks.

Albert







--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users











--

Albert Teh

Email: Teh.Albert@Gmail.com














--

Albert Teh

Email: Teh.Albert@Gmail.com






--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

HI Rich,

[root@algldap ~]# /usr/lib/mozldap/ldapsearch -x -w - -D cn="Directory Manager" -b "ou=People,dc=algonquincollege,dc=com" "(|(objectclass=ntuser)(objectclass=ntgroup))"

Enter bind password:
[root@algldap ~]#

No Entry found !!!.

Thanks.
Albert

On Tue, May 31, 2011 at 11:42 AM, Rich Megginson <rmeggins@redhat.com> wrote:







On 05/30/2011 08:32 AM, Albert Teh wrote:
Hi Rich,



I followed the Guide and still got the same result. Checked with*
the AD administrator, the AD's user: mailadm has a full privilege.


/usr/bin/ldapsearch -x -w - -D cn="Directory Manager"-b
"ou=People,dc=algonquincollege,dc=com"
"(|(objectclass=ntuser)(objectclass=ntgroup))"



How many entries match that search?



Thanks.

Albert

* *

Here is the Windows Sync Agreement info:



[root@algldap slapd-algldap]# /usr/lib/mozldap/ldapsearch -w - -D
cn="Directory Manager" -b cn=config cn=ADSync

Enter bind password:

version: 1

dn:
cn=ADSync,cn=replica,cn=dc3Dalgonquincollege2Cdc3D com,cn=mapping
tree,c

*n=config

objectClass: top

objectClass: nsDSWindowsReplicationAgreement

description: AD Sync Agreement

cn: ADSync

nsds7WindowsReplicaSubtree:
cn=Users,dc=ottawa,dc=ad,dc=algonquincollege,dc=co

*m

nsds7DirectoryReplicaSubtree: ou=People,
dc=algonquincollege,dc=com

nsds7NewWinUserSyncEnabled: on

nsds7NewWinGroupSyncEnabled: on

nsds7WindowsDomain: ottawa.ad.algonquincollege.com

nsDS5ReplicaRoot: dc=algonquincollege,dc=com

nsDS5ReplicaHost: wodcstage-1.ottawa.ad.algonquincollege.com

nsDS5ReplicaPort: 389

nsDS5ReplicaBindDN:
cn=mailadm,cn=Users,dc=ottawa,dc=ad,dc=algonquinco llege,dc

*=com

nsDS5ReplicaBindMethod: SIMPLE

nsDS5ReplicaCredentials: {DES}U68ooQM3C15xjJ/taDmy0A==

nsds5replicareapactive: 0

nsds5replicaLastUpdateStart: 20110530141648Z

nsds5replicaLastUpdateEnd: 20110530141648Z

nsds5replicaChangesSentSinceStartup:

nsds5replicaLastUpdateStatus: 0 Replica acquired successfully:
Incremental upd

*ate succeeded

nsds5replicaUpdateInProgress: FALSE

nsds5replicaLastInitStart: 20110530140648Z

nsds5replicaLastInitEnd: 20110530140648Z

nsds5replicaLastInitStatus: 0 Total update succeeded

[root@algldap slapd-algldap]#







On Fri, May 27, 2011 at 10:57 AM, Rich
Megginson <rmeggins@redhat.com>
wrote:



On 05/27/2011 04:22 AM, Albert Teh wrote:
Hi Rich,



I reinstalled 389-ds-base 1.2.8.3 from EPEL5 and added
onewaysync set as fromWindows in the multimaster
replication plugin. I still got the same result with no
user created in the DS subtree.



Have you read
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync





Errors log:



[27/May/2011:06:18:26 -0400] NSMMReplicationPlugin -
Beginning total update of replica "agmt="cn=ADSync"
(wodcstage-1:389)".

[27/May/2011:06:18:26 -0400] NSMMReplicationPlugin -
Finished total update of replica "agmt="cn=ADSync"
(wodcstage-1:389)". Sent 0 entries.





Access log:



[27/May/2011:06:18:29 -0400] conn=1 op=114 SRCH
base="cn=ADSync,cn=replica,cn=dc3Dalgonquincollege 2Cdc3Dcom,cn=mapping

tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry ))"
attrs="nsds5replicaLastUpdateStart
nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup
nsds5replicaLastUpdateStatus
nsds5replicaUpdateInProgress nsds5replicaLastInitStart
nsds5replicaLastInitEnd nsds5replicaLastInitStatus
nsds5BeginReplicaRefresh"

[27/May/2011:06:18:29 -0400] conn=1 op=114 RESULT
err=0 tag=101 nentries=1 etime=



Thanks for your help.



Albert







On Thu, May 26, 2011 at 11:13
AM, Rich Megginson <rmeggins@redhat.com>
wrote:



On 05/26/2011 08:58 AM, Albert Teh wrote:
Hi,



We are setting up a new CENTOS-DS version
8.1.0. and CENTOS 5.5 and attempt to
synchronize with the existing 2003 Windows
AD server.

Performing* the full sync completed. There
is no user created in the DS subtree.



We would like to perform one way Sync:* AD
----> DS. Once it works, we will set up
the password Sync from the AD to DS.



One way sync isn't supported with 8.1.0.* I
suggest using 389-ds-base 1.2.8.3 from EPEL5
which does support one way sync.* http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync





AD:**
cn=Users,cn=location,dc=ad,dc=domain,dc=com

DS:** ou=Peoples,dc=domain,dc=com



errors log:





[26/May/2011:10:20:34 -0400]
NSMMReplicationPlugin - Beginning total
update of replica "agmt="cn=ADsync"
(wodcstage-1:389)".

[26/May/2011:10:20:34 -0400]
NSMMReplicationPlugin - Finished total
update of replica "agmt="cn=ADsync"
(wodcstage-1:389)". Sent 0 entries.



access log:



26/May/2011:10:20:37 -0400] conn=11 op=819
SRCH base="cn=ADsync, cn=replica,
cn=22dc=algonquincollege, dc=com22,
cn=mapping tree, cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry ))"
attrs="nsds5replicaLastUpdateStart
nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup
nsds5replicaLastUpdateStatus
nsds5replicaUpdateInProgress
nsds5replicaLastInitStart
nsds5replicaLastInitEnd
nsds5replicaLastInitStatus
nsds5BeginReplicaRefresh"

[26/May/2011:10:20:37 -0400] conn=11 op=819
RESULT err=0 tag=101 nentries=1 etime=0





Thanks.

Albert







--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users











--

Albert Teh

Email: Teh.Albert@Gmail.com














--

Albert Teh

Email: Teh.Albert@Gmail.com








--
Albert Teh
Email: Teh.Albert@Gmail.com

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

On 05/31/2011 10:30 AM, Albert Teh wrote:


HI Rich,



[root@algldap ~]# /usr/lib/mozldap/ldapsearch -x -w - -D
cn="Directory Manager" -b "ou=People,dc=algonquincollege,dc=com"
"(|(objectclass=ntuser)(objectclass=ntgroup))"

Enter bind password:

[root@algldap ~]#



No Entry found !!!.


You have to tell directory server which entries you want to sync.

See http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync


Thanks.

Albert



On Tue, May 31, 2011 at 11:42 AM, Rich
Megginson <rmeggins@redhat.com>
wrote:



On 05/30/2011 08:32 AM, Albert Teh wrote:
Hi Rich,



I followed the Guide and still got the
same result. Checked with* the AD administrator, the
AD's user: mailadm has a full privilege.



/usr/bin/ldapsearch -x -w - -D cn="Directory Manager"-b
"ou=People,dc=algonquincollege,dc=com"
"(|(objectclass=ntuser)(objectclass=ntgroup))"



How many entries match that search?





Thanks.

Albert

* *

Here is the Windows Sync Agreement info:



[root@algldap slapd-algldap]#
/usr/lib/mozldap/ldapsearch -w - -D cn="Directory
Manager" -b cn=config cn=ADSync

Enter bind password:

version: 1

dn:
cn=ADSync,cn=replica,cn=dc3Dalgonquincollege2Cdc3D com,cn=mapping
tree,c

*n=config

objectClass: top

objectClass: nsDSWindowsReplicationAgreement

description: AD Sync Agreement

cn: ADSync

nsds7WindowsReplicaSubtree:
cn=Users,dc=ottawa,dc=ad,dc=algonquincollege,dc=co

*m

nsds7DirectoryReplicaSubtree: ou=People,
dc=algonquincollege,dc=com

nsds7NewWinUserSyncEnabled: on

nsds7NewWinGroupSyncEnabled: on

nsds7WindowsDomain: ottawa.ad.algonquincollege.com

nsDS5ReplicaRoot: dc=algonquincollege,dc=com

nsDS5ReplicaHost: wodcstage-1.ottawa.ad.algonquincollege.com

nsDS5ReplicaPort: 389

nsDS5ReplicaBindDN:
cn=mailadm,cn=Users,dc=ottawa,dc=ad,dc=algonquinco llege,dc

*=com

nsDS5ReplicaBindMethod: SIMPLE

nsDS5ReplicaCredentials: {DES}U68ooQM3C15xjJ/taDmy0A==

nsds5replicareapactive: 0

nsds5replicaLastUpdateStart: 20110530141648Z

nsds5replicaLastUpdateEnd: 20110530141648Z

nsds5replicaChangesSentSinceStartup:

nsds5replicaLastUpdateStatus: 0 Replica acquired
successfully: Incremental upd

*ate succeeded

nsds5replicaUpdateInProgress: FALSE

nsds5replicaLastInitStart: 20110530140648Z

nsds5replicaLastInitEnd: 20110530140648Z

nsds5replicaLastInitStatus: 0 Total update succeeded

[root@algldap slapd-algldap]#







On Fri, May 27, 2011 at 10:57
AM, Rich Megginson <rmeggins@redhat.com>
wrote:



On 05/27/2011 04:22 AM, Albert Teh wrote:
Hi Rich,



I reinstalled 389-ds-base 1.2.8.3 from EPEL5
and added onewaysync set as fromWindows in
the multimaster replication plugin. I still
got the same result with no user created in
the DS subtree.



Have you read http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync





Errors log:



[27/May/2011:06:18:26 -0400]
NSMMReplicationPlugin - Beginning total
update of replica "agmt="cn=ADSync"
(wodcstage-1:389)".

[27/May/2011:06:18:26 -0400]
NSMMReplicationPlugin - Finished total
update of replica "agmt="cn=ADSync"
(wodcstage-1:389)". Sent 0 entries.





Access log:



[27/May/2011:06:18:29 -0400] conn=1 op=114
SRCH
base="cn=ADSync,cn=replica,cn=dc3Dalgonquincollege 2Cdc3Dcom,cn=mapping


tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry ))"
attrs="nsds5replicaLastUpdateStart
nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup
nsds5replicaLastUpdateStatus
nsds5replicaUpdateInProgress
nsds5replicaLastInitStart
nsds5replicaLastInitEnd
nsds5replicaLastInitStatus
nsds5BeginReplicaRefresh"

[27/May/2011:06:18:29 -0400] conn=1 op=114
RESULT err=0 tag=101 nentries=1 etime=



Thanks for your help.



Albert







On Thu, May 26,
2011 at 11:13 AM, Rich Megginson <rmeggins@redhat.com>
wrote:



On 05/26/2011 08:58 AM, Albert
Teh wrote:
Hi,



We are setting up a new
CENTOS-DS version 8.1.0. and
CENTOS 5.5 and attempt to
synchronize with the existing
2003 Windows AD server.

Performing* the full sync
completed. There is no user
created in the DS subtree.



We would like to perform one way
Sync:* AD ----> DS. Once it
works, we will set up the
password Sync from the AD to DS.




One way sync isn't supported with
8.1.0.* I suggest using 389-ds-base
1.2.8.3 from EPEL5 which does
support one way sync.* http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync




AD:**
cn=Users,cn=location,dc=ad,dc=domain,dc=com

DS:**
ou=Peoples,dc=domain,dc=com



errors log:





[26/May/2011:10:20:34 -0400]
NSMMReplicationPlugin -
Beginning total update of
replica "agmt="cn=ADsync"
(wodcstage-1:389)".

[26/May/2011:10:20:34 -0400]
NSMMReplicationPlugin - Finished
total update of replica
"agmt="cn=ADsync"
(wodcstage-1:389)". Sent 0
entries.



access log:



26/May/2011:10:20:37 -0400]
conn=11 op=819 SRCH
base="cn=ADsync, cn=replica,
cn=22dc=algonquincollege,
dc=com22, cn=mapping tree,
cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry ))"
attrs="nsds5replicaLastUpdateStart

nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup
nsds5replicaLastUpdateStatus
nsds5replicaUpdateInProgress
nsds5replicaLastInitStart
nsds5replicaLastInitEnd
nsds5replicaLastInitStatus
nsds5BeginReplicaRefresh"

[26/May/2011:10:20:37 -0400]
conn=11 op=819 RESULT err=0
tag=101 nentries=1 etime=0





Thanks.

Albert







--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users











--

Albert Teh

Email: Teh.Albert@Gmail.com














--

Albert Teh

Email: Teh.Albert@Gmail.com














--

Albert Teh

Email: Teh.Albert@Gmail.com






--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

On Tue, May 31, 2011 at 2:58 PM, Rich Megginson <rmeggins@redhat.com> wrote:








On 05/31/2011 12:49 PM, Albert Teh wrote:
Hi Rich,



Sorry, What I understand doing the OneWay Sync from the AD to the
DS



Users in the Active Directory domain are synced if it is
configured in the sync agreement by selecting the Sync New Windows Users
option. All of the Windows users are copied to the Directory
Server when synchronization is initiated and then new users are
synced over when they are created.



I do not need to do any AD to DS Group Sync



and I am not doing any DS sync to the AD.


/usr/lib/mozldap/ldapsearch -x -h wodcstage-1.ottawa.ad.algonquincollege.com -w
- -D
"cn=mailadm,cn=Users,dc=ottawa,dc=ad,dc=algonquinc ollege,dc=com" -s
base -b "" "objectclass=*"



You should get the contents of the AD



/usr/lib/mozldap/ldapsearch -x -h
wodcstage-1.ottawa.ad.algonquincollege.com -w - -D
"cn=mailadm,cn=Users,dc=ottawa,dc=ad,dc=algonquinc ollege,dc=com" -s
sub -b "cn=Users,dc=ottawa,dc=ad,dc=algonquincollege,dc=c om"
"objectclass=person"



you should get the list of users





Thanks.

Al



On Tue, May 31, 2011 at 1:40 PM, Rich
Megginson <rmeggins@redhat.com>
wrote:



On 05/31/2011 10:30 AM, Albert Teh wrote:


HI Rich,



[root@algldap ~]# /usr/lib/mozldap/ldapsearch -x -w - -D
cn="Directory Manager" -b
"ou=People,dc=algonquincollege,dc=com"
"(|(objectclass=ntuser)(objectclass=ntgroup))"

Enter bind password:

[root@algldap ~]#



No Entry found !!!.



You have to tell directory server which entries you want to
sync.

See http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync




Thanks.

Albert



On Tue, May 31, 2011 at 11:42
AM, Rich Megginson <rmeggins@redhat.com>
wrote:



On 05/30/2011 08:32 AM, Albert Teh wrote:

Hi Rich,



I followed the Guide and still got the
same result. Checked with* the AD
administrator, the AD's user: mailadm has a
full privilege.



/usr/bin/ldapsearch -x -w - -D cn="Directory
Manager"-b
"ou=People,dc=algonquincollege,dc=com"
"(|(objectclass=ntuser)(objectclass=ntgroup))"



How many entries match that search?





Thanks.

Albert

* *

Here is the Windows Sync Agreement info:



[root@algldap slapd-algldap]#
/usr/lib/mozldap/ldapsearch -w - -D
cn="Directory Manager" -b cn=config
cn=ADSync

Enter bind password:

version: 1

dn:
cn=ADSync,cn=replica,cn=dc3Dalgonquincollege2Cdc3D com,cn=mapping
tree,c

*n=config

objectClass: top

objectClass:
nsDSWindowsReplicationAgreement

description: AD Sync Agreement

cn: ADSync

nsds7WindowsReplicaSubtree:
cn=Users,dc=ottawa,dc=ad,dc=algonquincollege,dc=co

*m

nsds7DirectoryReplicaSubtree: ou=People,
dc=algonquincollege,dc=com

nsds7NewWinUserSyncEnabled: on

nsds7NewWinGroupSyncEnabled: on

nsds7WindowsDomain: ottawa.ad.algonquincollege.com

nsDS5ReplicaRoot:
dc=algonquincollege,dc=com

nsDS5ReplicaHost: wodcstage-1.ottawa.ad.algonquincollege.com

nsDS5ReplicaPort: 389

nsDS5ReplicaBindDN:
cn=mailadm,cn=Users,dc=ottawa,dc=ad,dc=algonquinco llege,dc

*=com

nsDS5ReplicaBindMethod: SIMPLE

nsDS5ReplicaCredentials:
{DES}U68ooQM3C15xjJ/taDmy0A==

nsds5replicareapactive: 0

nsds5replicaLastUpdateStart:
20110530141648Z

nsds5replicaLastUpdateEnd: 20110530141648Z

nsds5replicaChangesSentSinceStartup:

nsds5replicaLastUpdateStatus: 0 Replica
acquired successfully: Incremental upd

*ate succeeded

nsds5replicaUpdateInProgress: FALSE

nsds5replicaLastInitStart: 20110530140648Z

nsds5replicaLastInitEnd: 20110530140648Z

nsds5replicaLastInitStatus: 0 Total update
succeeded

[root@algldap slapd-algldap]#







On Fri, May 27,
2011 at 10:57 AM, Rich Megginson <rmeggins@redhat.com>
wrote:



On 05/27/2011 04:22 AM, Albert
Teh wrote:
Hi Rich,



I reinstalled 389-ds-base
1.2.8.3 from EPEL5 and added
onewaysync set as fromWindows in
the multimaster replication
plugin. I still got the same
result with no user created in
the DS subtree.



Have you read http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync





Errors log:



[27/May/2011:06:18:26 -0400]
NSMMReplicationPlugin -
Beginning total update of
replica "agmt="cn=ADSync"
(wodcstage-1:389)".

[27/May/2011:06:18:26 -0400]
NSMMReplicationPlugin -
Finished total update of
replica "agmt="cn=ADSync"
(wodcstage-1:389)". Sent 0
entries.





Access log:



[27/May/2011:06:18:29 -0400]
conn=1 op=114 SRCH
base="cn=ADSync,cn=replica,cn=dc3Dalgonquincollege 2Cdc3Dcom,cn=mapping



tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry ))"
attrs="nsds5replicaLastUpdateStart

nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup
nsds5replicaLastUpdateStatus
nsds5replicaUpdateInProgress
nsds5replicaLastInitStart
nsds5replicaLastInitEnd
nsds5replicaLastInitStatus
nsds5BeginReplicaRefresh"

[27/May/2011:06:18:29 -0400]
conn=1 op=114 RESULT err=0
tag=101 nentries=1 etime=



Thanks for your help.



Albert







On
Thu, May 26, 2011 at 11:13
AM, Rich Megginson <rmeggins@redhat.com>
wrote:



On 05/26/2011
08:58 AM, Albert Teh
wrote:
Hi,



We are setting up a
new CENTOS-DS
version 8.1.0. and
CENTOS 5.5 and
attempt to
synchronize with the
existing 2003
Windows AD server.

Performing* the full
sync completed.
There is no user
created in the DS
subtree.



We would like to
perform one way
Sync:* AD ---->
DS. Once it works,
we will set up the
password Sync from
the AD to DS.



One way sync isn't
supported with 8.1.0.* I
suggest using
389-ds-base 1.2.8.3 from
EPEL5 which does support
one way sync.* http://directory.fedoraproject.org/wiki/One_Way_Active_Directory_Sync






AD:**
cn=Users,cn=location,dc=ad,dc=domain,dc=com

DS:**
ou=Peoples,dc=domain,dc=com



errors log:





[26/May/2011:10:20:34
-0400]
NSMMReplicationPlugin
- Beginning total
update of replica
"agmt="cn=ADsync"
(wodcstage-1:389)".

[26/May/2011:10:20:34
-0400]
NSMMReplicationPlugin
- Finished total
update of replica
"agmt="cn=ADsync"
(wodcstage-1:389)".
Sent 0 entries.



access log:



26/May/2011:10:20:37
-0400] conn=11
op=819 SRCH
base="cn=ADsync,
cn=replica,
cn=22dc=algonquincollege,
dc=com22,
cn=mapping tree,
cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry ))"
attrs="nsds5replicaLastUpdateStart


nsds5replicaLastUpdateEnd

nsds5replicaChangesSentSinceStartup

nsds5replicaLastUpdateStatus

nsds5replicaUpdateInProgress

nsds5replicaLastInitStart

nsds5replicaLastInitEnd

nsds5replicaLastInitStatus

nsds5BeginReplicaRefresh"

[26/May/2011:10:20:37
-0400] conn=11
op=819 RESULT err=0
tag=101 nentries=1
etime=0





Thanks.

Albert







--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users











--

Albert Teh

Email: Teh.Albert@Gmail.com














--

Albert Teh

Email: Teh.Albert@Gmail.com














--

Albert Teh

Email: Teh.Albert@Gmail.com














--

Albert Teh

Email: Teh.Albert@Gmail.com





HI Rich,

These two commands worked and got the result. I have been gone through* the Windows Sync agreement setup for many times. I could not figure out what went wrong.

Thanks a lot for your help again.

Albert
*
/usr/lib/mozldap/ldapsearch -x -h wodcstage-1.ottawa.ad.algonquincollege.com -w
- -D
"cn=mailadm,cn=Users,dc=[root@algldap ~]# /usr/lib/mozldap/ldapsearch -x -h wodcstage-1.ottawa.ad.algonquincollege.com -w - -D "cn=mailadm,cn=Users,dc=ottawa,dc=ad,dc=algonquinc ollege,dc=com" -s base -b "" "objectclass=*"*********************************** ******* Enter bind password:

version: 1
dn:
currentTime: 20110601001342.0Z
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=ad,DC=a lgonquinc
*ollege,DC=com
dsServiceName: CN=NTDS Settings,CN=WODCSTAGE-1,CN=Servers,CN=Default-First-Sit

*e-Name,CN=Sites,CN=Configuration,DC=ad,DC=algonquinc ollege,DC=com
namingContexts: CN=Configuration,DC=ad,DC=algonquincollege,DC=com
namingContexts: CN=Schema,CN=Configuration,DC=ad,DC=algonquincolle ge,DC=com
namingContexts: DC=ottawa,DC=ad,DC=algonquincollege,DC=com

defaultNamingContext: DC=ottawa,DC=ad,DC=algonquincollege,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=ad,DC=algonquincolle ge,DC=c
*om
configurationNamingContext: CN=Configuration,DC=ad,DC=algonquincollege,DC=com

rootDomainNamingContext: DC=ad,DC=algonquincollege,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.840.113556.1.4.801
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 1.2.840.113556.1.4.528

supportedControl: 1.2.840.113556.1.4.417
supportedControl: 1.2.840.113556.1.4.619
supportedControl: 1.2.840.113556.1.4.841
supportedControl: 1.2.840.113556.1.4.529
supportedControl: 1.2.840.113556.1.4.805
supportedControl: 1.2.840.113556.1.4.521

supportedControl: 1.2.840.113556.1.4.970
supportedControl: 1.2.840.113556.1.4.1338
supportedControl: 1.2.840.113556.1.4.474
supportedControl: 1.2.840.113556.1.4.1339
supportedControl: 1.2.840.113556.1.4.1340

supportedControl: 1.2.840.113556.1.4.1413
supportedControl: 2.16.840.1.113730.3.4.9
supportedControl: 2.16.840.1.113730.3.4.10
supportedControl: 1.2.840.113556.1.4.1504
supportedControl: 1.2.840.113556.1.4.1852

supportedControl: 1.2.840.113556.1.4.802
supportedControl: 1.2.840.113556.1.4.1907
supportedControl: 1.2.840.113556.1.4.1948
supportedLDAPVersion: 3
supportedLDAPVersion: 2
supportedLDAPPolicies: MaxPoolThreads

supportedLDAPPolicies: MaxDatagramRecv
supportedLDAPPolicies: MaxReceiveBuffer
supportedLDAPPolicies: InitRecvTimeout
supportedLDAPPolicies: MaxConnections
supportedLDAPPolicies: MaxConnIdleTime
supportedLDAPPolicies: MaxPageSize

supportedLDAPPolicies: MaxQueryDuration
supportedLDAPPolicies: MaxTempTableSize
supportedLDAPPolicies: MaxResultSetSize
supportedLDAPPolicies: MaxNotificationPerConn
supportedLDAPPolicies: MaxValRange
highestCommittedUSN: 3103418

supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
dnsHostName: WODCStage-1.ottawa.ad.algonquincollege.com

ldapServiceName: ad.algonquincollege.com:wodcstage-1$@OTTAWA.AD.ALGONQUINCOLLE
*GE.COM
serverName: CN=WODCSTAGE-1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=C
*onfiguration,DC=ad,DC=algonquincollege,DC=com

supportedCapabilities: 1.2.840.113556.1.4.800
supportedCapabilities: 1.2.840.113556.1.4.1670
supportedCapabilities: 1.2.840.113556.1.4.1791
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 2

forestFunctionality: 2
domainControllerFunctionality: 2
[root@algldap ~]#

Partial out:

[root@algldap ~]# /usr/lib/mozldap/ldapsearch -x -h wodcstage-1.ottawa.ad.algonquincollege.com -w - -D "cn=mailadm,cn=Users,dc=ottawa,dc=ad,dc=algonquinc ollege,dc=com" -s sub -b "cn=Users,dc=ottawa,dc=ad,dc=algonquincollege,dc=c om" "objectclass=person" | more

Enter bind password:
version: 1
dn: CN=isp-transfer,CN=Users,DC=ottawa,DC=ad,DC=algonquincoll ege,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: isp-transfer

description: Transfer for Genesis Data to International Student Program share
givenName: isp-transfer
distinguishedName: CN=isp-transfer,CN=Users,DC=ottawa,DC=ad,DC=algonquincoll eg
*e,DC=com
instanceType: 4

whenCreated: 20040517155823.0Z
whenChanged: 20081016173006.0Z
displayName: isp-transfer
uSNCreated: 255422
memberOf: CN=NAS_Transfer_Genesis_ISP,OU=Groups,DC=ottawa,DC =ad,DC=algonquinco
*llege,DC=com
uSNChanged: 255422

name: isp-transfer
objectGUID:: EaeRW3KiMUac6hzEs//X/g==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
pwdLastSet: 127292831041031250

primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAArhyVdhR1dBOOfkA4DN8BAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: isp-transfer
sAMAccountType: 805306368
userPrincipalName: isp-transfer@algonquincollege.com

lockoutTime: 0
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ad,DC=algo nquincollege
*,DC=com
dSCorePropagationData: 20110131155635.0Z
dSCorePropagationData: 20091227191115.0Z
dSCorePropagationData: 20090127144505.0Z

dSCorePropagationData: 20081201175842.0Z
dSCorePropagationData: 16010714223649.0Z
lastLogonTimestamp: 128686221598537375

dn: CN=heatweb,CN=Users,DC=ottawa,DC=ad,DC=algonquinco llege,DC=com
objectClass: top

objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: heatweb
sn: heatweb
description: Used to communicate between HEAT and IIS
distinguishedName: CN=heatweb,CN=Users,DC=ottawa,DC=ad,DC=algonquinco llege,DC=

*com
instanceType: 4
whenCreated: 20050218192725.0Z
whenChanged: 20081016172611.0Z
displayName: heatweb
uSNCreated: 89976
memberOf: CN=Heat Users,OU=Groups,DC=ottawa,DC=ad,DC=algonquincolleg e,DC=com
uSNChanged: 89976

name: heatweb
objectGUID:: 07KJaAgkGUapXbQN7VprrQ==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0








--
Albert Teh
Email: Teh.Albert@Gmail.com


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users