[389-users] one-way winsync

Thu Oct 1 14:33:11 UTC 2009

Dear 389-ds community,

I have a question about windows sync agreement. Here¹s the scenario:

two Windows DC¹s and two 389-ds servers as below.

Question1: Can I setup a one-way winsync i.e from windows to ldap? I have
tried it and it was like hit or miss. I did this by not giving the ³write²
permissions to AD for  ³CN=Sync Manager².  Is this valid way of sync-ing one
way? I have error messages ³Replica has no update vector. It has never been
initialized². I did a full-resynchronization and it went well without
errors. But I am not seeing any entry updates.

Question2: If I have windows sync on both the 389-ds sync-ing to a diferent
DC. Does it cause any loop or issues. The problem I am facing is, that I
have different OU¹s in AD like ou=Marketing, ou=Finance, ou=Customers and
only one ³ou=People² in 389-ds.

I want only one-way sync. AD-->389-ds

Topology I am trying to make work. Please share your comments.

|--------|                                   |------- |
| DC-1 | <---replication----> | DC-2 |
|--------|                                   |--------|
     |                                                  |
winsync                                     Winsync
     |                                                  |

|---------|                                   |-------- |
| 389-1 | <---replication----> | 389-2 |
|---------|                                   |---------|

Thanks,
Prashanth

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20091001/0414deae/attachment.htm>