[Fedora-directory-users] Problem with getting FDS and AD to sync

Richard Megginson rmeggins at redhat.com
Fri Oct 26 19:50:53 UTC 2007


Timothy Hunt wrote:
>
> On Oct 25, 2007, at 12:50 PM, Richard Megginson wrote:
>
>> Timothy Hunt wrote:
>>> I've taken over control of an FDS and an AD server which had been 
>>> set up before I got to it.  I'm still fairly new to LDAP and related 
>>> things.  I come from a unix background rather than windows.
>>>
>>> At some point, users put into FDS were replicated on the AD server 
>>> correctly.  Subsequently, the flat "structure" of the users in FDS 
>>> was improved to be more hierarchical.  However, new users added into 
>>> FDS are not being added into AD.  I'm also not familiar enough with 
>>> AD to know where to see the OU structure that is present in FDS in 
>>> AD.  I'm not even sure if AD would have that structure.  I'm at a 
>>> bit of a loss as to how to start diagnosing where the problem is, 
>>> let alone fixing it.
>>>
>>> I've looked at 
>>> http://directory.fedoraproject.org/wiki/Howto:WindowsSync but as 
>>> that is focussed on setting it up initially, I'm not sure how much 
>>> of it applies.
>> http://www.redhat.com/docs/manuals/dir-server/ag/7.1/sync.html#2836267
>>>
>>>
>
> Thanks, Richard,
>
> As our AD server isn't yet being used, I decided to break the existing 
> sync agreement, wipe the users on the AD server, and start a new sync 
> agreement.
>
> I've got "replication" logging set and I'm getting this in the FDS log 
> files
>
> [26/Oct/2007:14:15:38 -0500] NSMMReplicationPlugin - agmt="cn=fs2" 
> (fs2:636): Replication session backing off for 191 seconds
> [26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - agmt="cn=fs2" 
> (fs2:636): State: backoff -> backoff
> [26/Oct/2007:14:18:50 -0500] - acquire_replica, supplier RUV:
> [26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - supplier: 
> {replicageneration} 4693ce97000000010000
> [26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - supplier: 
> {replica 1 ldap://ds1.intraisp.com:389} 469ee73e000000010000 
> 47223b23000000010000 47223b23
> [26/Oct/2007:14:18:50 -0500] - acquire_replica, consumer RUV:
> [26/Oct/2007:14:18:50 -0500] - acquire_replica, consumer RUV = null
> [26/Oct/2007:14:18:50 -0500] - acquire_replica, supplier RUV is newer
> [26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - agmt="cn=fs2" 
> (fs2:636): Trying secure slapi_ldap_init
> [26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - agmt="cn=fs2" 
> (fs2:636): binddn = 
> CN=Administrator,CN=Users,DC=directory,DC=intraisp,DC=com,  passwd = 
> {DES}cwngvvY1zCw=
> [26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - agmt="cn=fs2" 
> (fs2:636): Disconnected from the consumer
> [26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - agmt="cn=fs2" 
> (fs2:636): Beginning linger on the connection
> [26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - agmt="cn=fs2" 
> (fs2:636): No linger on the closed conn
> [26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - agmt="cn=fs2" 
> (fs2:636): Replication session backing off for 299 seconds
>
> the "summary" tab of the AD sync agreement on FDS says
> Last update message: - LDAP error: Can't contact LDAP server: Error 
> Code: 81
>
> But I can connect to port 636 on the AD server from the RDS box 
> without a problem.
Can you connect to port 389 on the AD server?  Is it possible you have 
configured it to use port 636 but not to use SSL (or vice versa)?
>
> Any suggestions?
>
> Timothy
>
> -- 
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
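
The check suggested in the reply, as an added example that is not part of the original thread: a TCP connect to port 636 succeeding does not show that the listener speaks SSL, so this probe separates "port open" from "TLS handshake answered" and compares the result with what the sync agreement is set to use. The host name `ad.example.com` and the function names are assumptions made for illustration.

```python
import socket
import ssl


def probe(host, port, timeout=5.0):
    """Return 'unreachable', 'tcp-only' or 'tls' for host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    # Certificate checks are off on purpose: the only question here is
    # whether the listener answers a TLS handshake at all. A real sync
    # agreement should still validate the AD server's certificate.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls"
    except OSError:  # ssl.SSLError and socket timeouts are OSError subclasses
        return "tcp-only"
    finally:
        sock.close()


def check_agreement(host, port, use_ssl, timeout=5.0):
    """Compare what the listener speaks with what the agreement expects."""
    seen = probe(host, port, timeout)
    if seen == "unreachable":
        return "no TCP connection: check host name, port and firewall"
    if use_ssl and seen == "tcp-only":
        return "port answers but not with TLS: agreement expects SSL on a plain port"
    if not use_ssl and seen == "tls":
        return "port speaks TLS: agreement is set to plain LDAP on an SSL port"
    return "transport matches the agreement: look at certificates or bind next"


if __name__ == "__main__":
    # Placeholder host (assumption); 636 and 389 are the ports named in the thread.
    for port, use_ssl in ((636, True), (389, False)):
        print(port, check_agreement("ad.example.com", port, use_ssl))
```

A listener that does speak TLS but rejects the handshake for another reason, such as no protocol version in common, is also reported as `tcp-only`, so treat that result as "handshake failed" rather than proof of a plain port.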
