[Freeipa-users] Synchronization Agreements between FreeIPA and AD

Dmitri Pal dpal at redhat.com
Thu Oct 23 16:26:16 UTC 2014


On 10/23/2014 08:19 AM, ??????? ??????? wrote:
> Hello!
>
> I tried to configure synchronization between FreeIPA and Windows AD 
> 2012. The first time, accounts from AD synchronized properly, but 
> the next scheduled run after 5 min does not work, and in the error log 
> I see the following errors:
>
> # tail -f /var/log/dirsrv/slapd-TEST-CSBI-ITS-RU/errors
> [23/Oct/2014:15:51:34 +0300] NSMMReplicationPlugin - agmt="cn=meTocsbi-it-dc01.csbigroup.ru" (csbi-it-dc01:389): Replica has no update vector. It has never been initialized.
> [23/Oct/2014:15:51:37 +0300] NSMMReplicationPlugin - agmt="cn=meTocsbi-it-dc01.csbigroup.ru" (csbi-it-dc01:389): Replica has no update vector. It has never been initialized.
> [23/Oct/2014:15:51:40 +0300] NSMMReplicationPlugin - agmt="cn=meTocsbi-it-dc01.csbigroup.ru" (csbi-it-dc01:389): Replica has no update vector. It has never been initialized.
>
> First synchronization output:
>
> Added CA certificate /etc/openldap/certs/CSBIGROUP-CA.crt to certificate database for ipa.test-csbi-its.ru
> ipa: INFO: AD Suffix is: DC=csbigroup,DC=ru
> The user for the Windows PassSync service is 
> uid=passsync,cn=sysaccounts,cn=etc,dc=test-csbi-its,dc=ru
> Windows PassSync entry exists, not resetting password
> ipa: INFO: Added new sync agreement, waiting for it to become ready . . .
> ipa: INFO: Replication Update in progress: FALSE: status: 0 Replica 
> acquired successfully: Incremental update started: start: 0: end: 0
> ipa: INFO: Agreement is ready, starting replication . . .
> Starting replication, please wait until this has completed.
> Update in progress, 13 seconds elapsed
> [ipa.test-csbi-its.ru] reports: Update failed! Status: [-1 Total update abortedLDAP error: Can't contact LDAP server]

Can you connect from this replica to AD using ldapsearch?

>
> Failed to start replication
>
>
>
> FreeIPA server version 3.3.3
> OS version Centos 7
> AD Domain 2012
>
> Can you help me to resolve this problem?
>
> Best regards, Valeriy
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
