[Freeipa-users] IPA winsync replication

Emil Petersson emil at melt.se
Mon Nov 25 15:14:22 UTC 2013


Hi,

I'm running FreeIPA 3.0 under RHEL6.4. I'm seeing some unexpected 
behaviour with winsync replication.

1. I have a working winsync agreement, and users are synced correctly.

2. If a user already exists in IPA when I sync it from AD, I'm seeing
the following in the dirsrv error logs:

     [25/Nov/2013:14:29:03 +0000] NSMMReplicationPlugin - windows_update_local_entry: failed to modify entry uid=username,cn=users,cn=accounts,dc=domain,dc=net - error 21:Invalid syntax

     I assume this is because the user already exists in dirsrv? Fine.

3. Then I remove the corresponding user from IPA and force another sync 
from AD, hoping that the user will sync properly this time, and thus 
have its ntUser* attributes created:

     [25/Nov/2013:14:29:09 +0000] NSMMReplicationPlugin - agmt="cn=meToAD.domain.com" (dc03:389): map_entry_dn_inbound: looking for local entry by uid [username]
     [25/Nov/2013:14:29:09 +0000] - Windows sync entry: Adding new local entry dn: uid=username,cn=users,cn=accounts,dc=domain,dc=net
     [25/Nov/2013:14:29:09 +0000] NSMMReplicationPlugin - add operation of entry uid=username,cn=users,cn=accounts,dc=domain,dc=net returned: 21

It's like something (either AD or IPA) remembers that a user has failed
once, and then refuses to sync it any more. Removing the winsync
agreement and recreating it completely doesn't help. The user is still
not synced, and leaves error code 21.

Anyone have any idea on why this is, and how I can sync the user even 
though it has failed once?

