Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora Directory (http://www.linux-archive.org/fedora-directory/)
-   -   Sync with active directory doubts (http://www.linux-archive.org/fedora-directory/668010-sync-active-directory-doubts.html)

Patrick Morris 05-17-2012 09:35 PM
Sync with active directory doubts
 
On 5/17/2012 2:26 PM, Alberto Viana wrote:


Hello,



I have 2 389 DS servers a 6 AD servers and i read this on red
hat documetation about windows replication:



"There
can only be a single sync agreement between the Directory
Server environment and the Active Directory environment.
Multiple sync agreements to the same Active Directory domain
can create entry conflicts."



Now I´m trying the
following scenario:






server2
389(consumer) <- replication -> server1 389 <-
replication -> Server1 AD
* * * * * * * * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * * * * *Server2 AD
* * * * * * * * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * * * * *Server3 AD



So in my master 389
server (server1) I have 3 agreements with 3 different AD
servers. It´s not clear if "Active Directory environment"
means just one AD server.





No, it means the entire AD environment. As explained in your quote,
"multiple sync agreements to the same Acive Directory domain can
cause entry conflicts."* If you're looking to set up more than one
sync agreement to the same domain, you're most likely going to have
problems.



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Rich Megginson 05-17-2012 09:49 PM
Sync with active directory doubts
 
On 05/17/2012 03:35 PM, Patrick Morris wrote:


On 5/17/2012 2:26 PM, Alberto Viana wrote:


Hello,



I have 2 389 DS servers a 6 AD servers and i read this on
red hat documetation about windows replication:



"There

can only be a single sync agreement between the Directory
Server environment and the Active Directory environment.
Multiple sync agreements to the same Active Directory domain
can create entry conflicts."



Now I´m trying the
following scenario:






server2
389(consumer) <- replication -> server1 389 <-
replication -> Server1 AD
* * * * * * * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * * * * * * *Server2 AD
* * * * * * * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * * * * * * *Server3 AD



So in my master
389 server (server1) I have 3 agreements with 3 different
AD servers. It´s not clear if "Active Directory
environment" means just one AD server.





No, it means the entire AD environment. As explained in your
quote, "multiple sync agreements to the same Acive Directory
domain can cause entry conflicts."* If you're looking to set up
more than one sync agreement to the same domain, you're most
likely going to have problems.




Right.* See also https://fedorahosted.org/389/ticket/225








--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users





--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Juan Carlos Camargo 05-18-2012 05:42 AM
Sync with active directory doubts
 
Alberto,
I had a 389ds server with more than 70 windows sync agreements (for a first user reconciliation). Each of them to different AD domain controllers and different domains. No problems at all. But I wouldnt try it if the AD domain was the same regardless of the number of controllers that held it (your case).*
Regards!

De: "Alberto Viana" <albertocrj@gmail.com>
Para: 389-users@lists.fedoraproject.org
Enviados: Jueves, 17 de Mayo 2012 23:26:04
Asunto: [389-users] Sync with active directory doubts

Hello,
I have 2 389 DS servers a 6 AD servers and i read this on red hat documetation about windows replication:
"There can only be a single sync agreement between the Directory Server environment and the Active Directory environment. Multiple sync agreements to the same Active Directory domain can create entry conflicts."


Now I´m trying the following scenario:




server2 389(consumer) <- replication -> server1 389 <- replication -> Server1 AD
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *Server2 AD
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *Server3 AD


So in my master 389 server (server1) I have 3 agreements with 3 different AD servers. It´s not clear if "Active Directory environment" means just one AD server.


Just to make clear that the 6 AD servers are in the same Active Directory domain and all replicate information with each other. I have this number of AD servers because they are located in different places(physically).




Can this scenario create entry conflitc? Am I suppose to sync with just one AD server?






Thanks,


Alberto Viana






--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users


--




Juan Carlos Camargo Carrillo**

957-211157 , 650932877

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Alberto Viana 05-18-2012 11:33 AM
Sync with active directory doubts
 
Hello all,
I will modify my config. Thanks so much for the information.
Alberto Viana

On Fri, May 18, 2012 at 2:42 AM, Juan Carlos Camargo <juancar@eprinsa.es> wrote:

Alberto,

I had a 389ds server with more than 70 windows sync agreements (for a first user reconciliation). Each of them to different AD domain controllers and different domains. No problems at all. But I wouldnt try it if the AD domain was the same regardless of the number of controllers that held it (your case).*

Regards!



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users


All times are GMT. The time now is 10:24 AM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.