[Freeipa-users] Synchronization Agreements between FreeIPA and AD
Сапегин Валерий
unitaip at gmail.com
Thu Oct 23 12:19:54 UTC 2014
Hello!
I tryed to configure synchronization between FreeIPA and Windows AD 2012.
In the thirst time accounts from AD synchronization properly but next
schedule after 5 min is not work and in error log I see the following
errors:
# tail -f /var/log/dirsrv/slapd-TEST-CSBI-ITS-RU/errors
[23/Oct/2014:15:51:34 +0300] NSMMReplicationPlugin - agmt="cn=
meTocsbi-it-dc01.csbigroup.ru" (csbi-it-dc01:389): Replica has no update
vector. It has never been initialized.
[23/Oct/2014:15:51:37 +0300] NSMMReplicationPlugin - agmt="cn=
meTocsbi-it-dc01.csbigroup.ru" (csbi-it-dc01:389): Replica has no update
vector. It has never been initialized.
[23/Oct/2014:15:51:40 +0300] NSMMReplicationPlugin - agmt="cn=
meTocsbi-it-dc01.csbigroup.ru" (csbi-it-dc01:389): Replica has no update
vector. It has never been initialized.
Thirst synchronization out
Added CA certificate /etc/openldap/certs/CSBIGROUP-CA.crt to certificate
database for ipa.test-csbi-its.ru
ipa: INFO: AD Suffix is: DC=csbigroup,DC=ru
The user for the Windows PassSync service is
uid=passsync,cn=sysaccounts,cn=etc,dc=test-csbi-its,dc=ru
Windows PassSync entry exists, not resetting password
ipa: INFO: Added new sync agreement, waiting for it to become ready . . .
ipa: INFO: Replication Update in progress: FALSE: status: 0 Replica
acquired successfully: Incremental update started: start: 0: end: 0
ipa: INFO: Agreement is ready, starting replication . . .
Starting replication, please wait until this has completed.
Update in progress, 13 seconds elapsed
[ipa.test-csbi-its.ru] reports: Update failed! Status: [-1 Total update
abortedLDAP error: Can't contact LDAP server]
Failed to start replication
FreeIPA server version 3.3.3
OS version Centos 7
AD Domain 2012
Can you help me to resolve this problem?
Best regards, Valeriy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141023/462d3e2c/attachment.htm>
More information about the Freeipa-users
mailing list