<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
On 09/17/2012 06:17 PM, Steven Jones wrote:
<blockquote
cite="mid:833D8E48405E064EBC54C84EC6B36E4053CA6574@STAWINCOX10MBX1.staff.vuw.ac.nz"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<div style="direction: ltr; font-family: Tahoma; color: rgb(0, 0,
0); font-size: 10pt;">Hi,<br>
<br>
The first time missed the --win-subtree settings so I wiped the
admins in the IPA admin group and users as they were not in
cn=users as per the bug. The second time as far as I can tell I
specified the correct cn via win-subtree flag but I still appear
to have lost the users in IPA.....now I expected to lose the
admins but the loss of users as well confounds me.<br>
<br>
<div>I did a ldapsearch as per checking and its seems to be
saying the right folder/ou/cn but IPA is empty.<br>
<br>
Hence I was wondering if there was a log recording what the
update was doing so I could try and figure out the mistake.
Ive tried greping cant find any indication.<br>
<br>
I will re-try with -v, verbose.<br>
</div>
</div>
</blockquote>
<br>
It is not clear from the manuals, but no matter what -win-subtree
you specify, winsync will search AD starting from the dc=domain
suffix. So, for example, if you have<br>
cn=mystaff,cn=staff,dc=example,dc=com<br>
and you specify<br>
--win-subtree "cn=mystaff,cn=staff,dc=example,dc=com"<br>
winsync will still search starting from dc=example,dc=com and will
hit <a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://fedorahosted.org/389/ticket/355" target="_blank">ticket/355</a>
if there are any users outside of
cn=mystaff,cn=staff,dc=example,dc=com that have the same username as
a user in IPA.<br>
<br>
<blockquote
cite="mid:833D8E48405E064EBC54C84EC6B36E4053CA6574@STAWINCOX10MBX1.staff.vuw.ac.nz"
type="cite">
<div style="direction: ltr;font-family: Tahoma;color:
#000000;font-size: 10pt;">
<div>
<br>
<div style="font-family: Tahoma; font-size: 13px;">
<p>regards</p>
<p>Steven Jones</p>
<p>Technical Specialist - Linux RHCE</p>
<p>Victoria University, Wellington, NZ</p>
<p>0064 4 463 6272<br>
</p>
</div>
</div>
<div style="font-family: Times New Roman; color: rgb(0, 0, 0);
font-size: 16px;">
<hr tabindex="-1">
<div style="direction: ltr;" id="divRpF82792"><font
color="#000000" face="Tahoma" size="2"><b>From:</b> Rich
Megginson [<a class="moz-txt-link-abbreviated" href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>]<br>
<b>Sent:</b> Tuesday, 18 September 2012 11:37 a.m.<br>
<b>To:</b> Steven Jones<br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] winsync agreement
wipes IPA users<br>
</font><br>
</div>
<div>On 09/17/2012 04:17 PM, Steven Jones wrote:
<blockquote type="cite">
<style id="owaParaStyle" type="text/css">
<!--
p
{margin-top:0;
margin-bottom:0}
-->
BODY {direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;}P {margin-top:0;margin-bottom:0;}BODY {scrollbar-base-color:undefined;scrollbar-highlight-color:undefined;scrollbar-darkshadow-color:undefined;scrollbar-track-color:undefined;scrollbar-arrow-color:undefined}</style>
<div style="direction: ltr; font-family: Tahoma; color:
rgb(0, 0, 0); font-size: 10pt;">
Hi,<br>
<br>
I just tried to do a winsync agreement with specifying
the AD point as
cn=VUW_Staff,dc=staff,dc=vuw,dc=vuw,dc=ac,dc=nz as my
users are not in the users folder but the VUW_Staff
folder (at the same level) and it wiped all IPA users
that are also in AD.
</div>
</blockquote>
<br>
Yes, this is what happens with <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://fedorahosted.org/389/ticket/355"
target="_blank">
https://fedorahosted.org/389/ticket/355</a><br>
#355 winsync should not delete entry that appears to be
out of scope<br>
<br>
<blockquote type="cite">
<div style="direction: ltr; font-family: Tahoma; color:
rgb(0, 0, 0); font-size: 10pt;">
While doing the actual update does this get verbosly
logged anywhere as opposed to "update in progress"
dumped to the screen? Something went badly wrong, I
just dont know what.<br>
</div>
</blockquote>
<br>
You are seeing something different than #355?<br>
<br>
<blockquote type="cite">
<div style="direction: ltr; font-family: Tahoma; color:
rgb(0, 0, 0); font-size: 10pt;">
<div><br>
:/<br>
<br>
<div style="font-family: Tahoma; font-size: 13px;">
<p>regards</p>
<p>Steven Jones</p>
<p>Technical Specialist - Linux RHCE</p>
<p>Victoria University, Wellington, NZ</p>
<p>0064 4 463 6272</p>
</div>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader" target="_blank"></fieldset>
<br>
<pre>_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>