<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 09/17/2012 07:10 PM, Steven Jones wrote:
<blockquote
cite="mid:833D8E48405E064EBC54C84EC6B36E4053CA65A5@STAWINCOX10MBX1.staff.vuw.ac.nz"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<div style="direction: ltr; font-family: Tahoma; color: rgb(0, 0,
0); font-size: 10pt;">Hi,<br>
<br>
I understand that I'll lose users that are
cn=Staff_Admins,dc=etc<br>
<br>
So the Q is why I am losing users in the --win-subtree
cn=VUW_Staff,dc= etc <br>
</div>
</blockquote>
<br>
<br>
<br>
<blockquote
cite="mid:833D8E48405E064EBC54C84EC6B36E4053CA65A5@STAWINCOX10MBX1.staff.vuw.ac.nz"
type="cite">
<div style="direction: ltr; font-family: Tahoma; color: rgb(0, 0,
0); font-size: 10pt;">
<br>
This I dont understand....<br>
<br>
I have the -v already, anyway to make it very verbose?<br>
</div>
</blockquote>
<br>
<a class="moz-txt-link-freetext" href="http://port389.org/wiki/FAQ#Troubleshooting">http://port389.org/wiki/FAQ#Troubleshooting</a><br>
Use the replication log level 8192<br>
I'd like to see the directory server errors log
/var/log/dirsrv/slapd-DOMAIN/errors when winsync deletes entries
under the --win-subtree cn=VUW_Staff,dc= etc <br>
<br>
<blockquote
cite="mid:833D8E48405E064EBC54C84EC6B36E4053CA65A5@STAWINCOX10MBX1.staff.vuw.ac.nz"
type="cite">
<div style="direction: ltr;font-family: Tahoma;color:
#000000;font-size: 10pt;">
<div><br>
<div style="font-family: Tahoma; font-size: 13px;">
<p>regards</p>
<p>Steven Jones</p>
<p>Technical Specialist - Linux RHCE</p>
<p>Victoria University, Wellington, NZ</p>
<p>0064 4 463 6272<br>
</p>
</div>
</div>
<div style="font-family: Times New Roman; color: rgb(0, 0, 0);
font-size: 16px;">
<hr tabindex="-1">
<div style="direction: ltr;" id="divRpF72378"><font
color="#000000" face="Tahoma" size="2"><b>From:</b> Rich
Megginson [<a class="moz-txt-link-abbreviated" href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>]<br>
<b>Sent:</b> Tuesday, 18 September 2012 12:47 p.m.<br>
<b>To:</b> Steven Jones<br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] winsync agreement
wipes IPA users<br>
</font><br>
</div>
<div>On 09/17/2012 06:17 PM, Steven Jones wrote:
<blockquote type="cite">
<div style="direction: ltr; font-family: Tahoma; color:
rgb(0, 0, 0); font-size: 10pt;">
Hi,<br>
<br>
The first time missed the --win-subtree settings so I
wiped the admins in the IPA admin group and users as
they were not in cn=users as per the bug. The second
time as far as I can tell I specified the correct cn via
win-subtree flag but I still appear to have lost the
users in IPA.....now I expected to lose the admins but
the loss of users as well confounds me.<br>
<br>
<div>I did a ldapsearch as per checking and its seems to
be saying the right folder/ou/cn but IPA is empty.<br>
<br>
Hence I was wondering if there was a log recording
what the update was doing so I could try and figure
out the mistake. Ive tried greping cant find any
indication.<br>
<br>
I will re-try with -v, verbose.<br>
</div>
</div>
</blockquote>
<br>
It is not clear from the manuals, but no matter what
-win-subtree you specify, winsync will search AD starting
from the dc=domain suffix. So, for example, if you have<br>
cn=mystaff,cn=staff,dc=example,dc=com<br>
and you specify<br>
--win-subtree "cn=mystaff,cn=staff,dc=example,dc=com"<br>
winsync will still search starting from dc=example,dc=com
and will hit <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://fedorahosted.org/389/ticket/355"
target="_blank">
ticket/355</a> if there are any users outside of
cn=mystaff,cn=staff,dc=example,dc=com that have the same
username as a user in IPA.<br>
<br>
<blockquote type="cite">
<div style="direction: ltr; font-family: Tahoma; color:
rgb(0, 0, 0); font-size: 10pt;">
<div><br>
<div style="font-family: Tahoma; font-size: 13px;">
<p>regards</p>
<p>Steven Jones</p>
<p>Technical Specialist - Linux RHCE</p>
<p>Victoria University, Wellington, NZ</p>
<p>0064 4 463 6272<br>
</p>
</div>
</div>
<div style="font-family: Times New Roman; color: rgb(0,
0, 0); font-size: 16px;">
<hr tabindex="-1">
<div id="divRpF82792" style="direction: ltr;"><font
color="#000000" face="Tahoma" size="2"><b>From:</b>
Rich Megginson [<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:rmeggins@redhat.com"
target="_blank">rmeggins@redhat.com</a>]<br>
<b>Sent:</b> Tuesday, 18 September 2012 11:37 a.m.<br>
<b>To:</b> Steven Jones<br>
<b>Cc:</b> <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:freeipa-users@redhat.com"
target="_blank">
freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] winsync
agreement wipes IPA users<br>
</font><br>
</div>
<div>On 09/17/2012 04:17 PM, Steven Jones wrote:
<blockquote type="cite">
<style id="owaParaStyle" type="text/css">
<!--
p
{margin-top:0;
margin-bottom:0}
body
{direction:ltr;
font-family:Tahoma;
color:#000000;
font-size:10pt}
p
{margin-top:0;
margin-bottom:0}
body
{scrollbar-base-color:undefined;
scrollbar-highlight-color:undefined;
scrollbar-darkshadow-color:undefined;
scrollbar-arrow-color:undefined}
-->
BODY {direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;}P {margin-top:0;margin-bottom:0;}</style>
<div style="direction: ltr; font-family: Tahoma;
color: rgb(0, 0, 0); font-size: 10pt;">
Hi,<br>
<br>
I just tried to do a winsync agreement with
specifying the AD point as
cn=VUW_Staff,dc=staff,dc=vuw,dc=vuw,dc=ac,dc=nz
as my users are not in the users folder but the
VUW_Staff folder (at the same level) and it
wiped all IPA users that are also in AD.
</div>
</blockquote>
<br>
Yes, this is what happens with <a
moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://fedorahosted.org/389/ticket/355"
target="_blank">
https://fedorahosted.org/389/ticket/355</a><br>
#355 winsync should not delete entry that
appears to be out of scope<br>
<br>
<blockquote type="cite">
<div style="direction: ltr; font-family: Tahoma;
color: rgb(0, 0, 0); font-size: 10pt;">
While doing the actual update does this get
verbosly logged anywhere as opposed to "update
in progress" dumped to the screen? Something
went badly wrong, I just dont know what.<br>
</div>
</blockquote>
<br>
You are seeing something different than #355?<br>
<br>
<blockquote type="cite">
<div style="direction: ltr; font-family: Tahoma;
color: rgb(0, 0, 0); font-size: 10pt;">
<div><br>
:/<br>
<br>
<div style="font-family: Tahoma; font-size:
13px;">
<p>regards</p>
<p>Steven Jones</p>
<p>Technical Specialist - Linux RHCE</p>
<p>Victoria University, Wellington, NZ</p>
<p>0064 4 463 6272</p>
</div>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"
target="_blank"></fieldset>
<br>
<pre>_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>