<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 09/19/2012 04:55 PM, Steven Jones wrote:
<blockquote
cite="mid:833D8E48405E064EBC54C84EC6B36E40546CF1A6@STAWINCOX10MBX1.staff.vuw.ac.nz"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<div style="direction: ltr; font-family: Tahoma; color: rgb(0, 0,
0); font-size: 10pt;">Hi,<br>
<br>
<br>
Sample of errors log,<br>
<br>
<div>=========<br>
[17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin - changelog
program - _cl5GetDBFileByReplicaName: found DB object 1bcf2e0
for database
/var/lib/dirsrv/slapd-ODS-VUW-AC-NZ/cldb/32d77a0d-778a11e1-a445c792-b25c661e_4fbdbe64000000040000.db4<br>
[17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin - changelog
program - _cl5GetDBFileByReplicaName: found DB object 1bcf2e0
for database
/var/lib/dirsrv/slapd-ODS-VUW-AC-NZ/cldb/32d77a0d-778a11e1-a445c792-b25c661e_4fbdbe64000000040000.db4<br>
[17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin -
ruv_update_ruv: successfully committed csn
504d01f7000000110000<br>
[17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin -
agmt="cn=meTovuwunicoipam002.ods.vuw.ac.nz"
(vuwunicoipam002:389): State: stop_fatal_error ->
stop_fatal_error<br>
[17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin -
agmt="cn=meTovuwunicoipam003.ods.vuw.ac.nz"
(vuwunicoipam003:389): State: stop_fatal_error ->
stop_fatal_error<br>
[17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin -
ruv_add_csn_inprogress: successfully inserted csn
504d01f8000000110000 into pending list<br>
[17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin - Purged
state information from entry
uid=jonesst1,cn=users,cn=accounts,dc=ods,dc=vuw,dc=ac,dc=nz up
to CSN 504d42c5000000040000<br>
[17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin - changelog
program - _cl5GetDBFileByReplicaName: found DB object 1bcf2e0
for database
/var/lib/dirsrv/slapd-ODS-VUW-AC-NZ/cldb/32d77a0d-778a11e1-a445c792-b25c661e_4fbdbe64000000040000.db4<br>
[17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin - changelog
program - _cl5GetDBFileByReplicaName: found DB object 1bcf2e0
for database
/var/lib/dirsrv/slapd-ODS-VUW-AC-NZ/cldb/32d77a0d-778a11e1-a445c792-b25c661e_4fbdbe64000000040000.db4<br>
[17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin -
ruv_update_ruv: successfully committed csn
504d01f8000000110000<br>
[17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin -
agmt="cn=meTovuwunicoipam002.ods.vuw.ac.nz"
(vuwunicoipam002:389): State: stop_fatal_error ->
stop_fatal_error<br>
[17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin -
agmt="cn=meTovuwunicoipam003.ods.vuw.ac.nz"
(vuwunicoipam003:389): State: stop_fatal_error ->
stop_fatal_error<br>
=========<br>
</div>
</div>
</blockquote>
<br>
Is cn=meTovuwunicoipam003.ods.vuw.ac.nz the windows sync agreement?<br>
<br>
<blockquote
cite="mid:833D8E48405E064EBC54C84EC6B36E40546CF1A6@STAWINCOX10MBX1.staff.vuw.ac.nz"
type="cite">
<div style="direction: ltr;font-family: Tahoma;color:
#000000;font-size: 10pt;">
<div>
<br>
<br>
<br>
<div style="font-family: Tahoma; font-size: 13px;">
<p>regards</p>
<p>Steven Jones</p>
<p>Technical Specialist - Linux RHCE</p>
<p>Victoria University, Wellington, NZ</p>
<p>0064 4 463 6272<br>
</p>
</div>
</div>
<div style="font-family: Times New Roman; color: rgb(0, 0, 0);
font-size: 16px;">
<hr tabindex="-1">
<div style="direction: ltr;" id="divRpF386226"><font
color="#000000" face="Tahoma" size="2"><b>From:</b> Rich
Megginson [<a class="moz-txt-link-abbreviated" href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>]<br>
<b>Sent:</b> Wednesday, 19 September 2012 12:32 a.m.<br>
<b>To:</b> Steven Jones<br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] winsync agreement
wipes IPA users<br>
</font><br>
</div>
<div>On 09/17/2012 07:10 PM, Steven Jones wrote:
<blockquote type="cite">
<div style="direction: ltr; font-family: Tahoma; color:
rgb(0, 0, 0); font-size: 10pt;">
Hi,<br>
<br>
I understand that I'll lose users that are
cn=Staff_Admins,dc=etc<br>
<br>
So the Q is why I am losing users in the --win-subtree
cn=VUW_Staff,dc= etc <br>
</div>
</blockquote>
<br>
<br>
<br>
<blockquote type="cite">
<div style="direction: ltr; font-family: Tahoma; color:
rgb(0, 0, 0); font-size: 10pt;">
<br>
This I dont understand....<br>
<br>
I have the -v already, anyway to make it very verbose?<br>
</div>
</blockquote>
<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://port389.org/wiki/FAQ#Troubleshooting"
target="_blank">http://port389.org/wiki/FAQ#Troubleshooting</a><br>
Use the replication log level 8192<br>
I'd like to see the directory server errors log
/var/log/dirsrv/slapd-DOMAIN/errors when winsync deletes
entries under the --win-subtree cn=VUW_Staff,dc= etc
<br>
<br>
<blockquote type="cite">
<div style="direction: ltr; font-family: Tahoma; color:
rgb(0, 0, 0); font-size: 10pt;">
<div><br>
<div style="font-family: Tahoma; font-size: 13px;">
<p>regards</p>
<p>Steven Jones</p>
<p>Technical Specialist - Linux RHCE</p>
<p>Victoria University, Wellington, NZ</p>
<p>0064 4 463 6272<br>
</p>
</div>
</div>
<div style="font-family: Times New Roman; color: rgb(0,
0, 0); font-size: 16px;">
<hr tabindex="-1">
<div id="divRpF72378" style="direction: ltr;"><font
color="#000000" face="Tahoma" size="2"><b>From:</b>
Rich Megginson [<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:rmeggins@redhat.com"
target="_blank">rmeggins@redhat.com</a>]<br>
<b>Sent:</b> Tuesday, 18 September 2012 12:47 p.m.<br>
<b>To:</b> Steven Jones<br>
<b>Cc:</b> <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:freeipa-users@redhat.com"
target="_blank">
freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] winsync
agreement wipes IPA users<br>
</font><br>
</div>
<div>On 09/17/2012 06:17 PM, Steven Jones wrote:
<blockquote type="cite">
<div style="direction: ltr; font-family: Tahoma;
color: rgb(0, 0, 0); font-size: 10pt;">
Hi,<br>
<br>
The first time missed the --win-subtree settings
so I wiped the admins in the IPA admin group and
users as they were not in cn=users as per the
bug. The second time as far as I can tell I
specified the correct cn via win-subtree flag
but I still appear to have lost the users in
IPA.....now I expected to lose the admins but
the loss of users as well confounds me.<br>
<br>
<div>I did a ldapsearch as per checking and its
seems to be saying the right folder/ou/cn but
IPA is empty.<br>
<br>
Hence I was wondering if there was a log
recording what the update was doing so I could
try and figure out the mistake. Ive tried
greping cant find any indication.<br>
<br>
I will re-try with -v, verbose.<br>
</div>
</div>
</blockquote>
<br>
It is not clear from the manuals, but no matter what
-win-subtree you specify, winsync will search AD
starting from the dc=domain suffix. So, for
example, if you have<br>
cn=mystaff,cn=staff,dc=example,dc=com<br>
and you specify<br>
--win-subtree
"cn=mystaff,cn=staff,dc=example,dc=com"<br>
winsync will still search starting from
dc=example,dc=com and will hit <a
moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://fedorahosted.org/389/ticket/355"
target="_blank">
ticket/355</a> if there are any users outside of
cn=mystaff,cn=staff,dc=example,dc=com that have the
same username as a user in IPA.<br>
<br>
<blockquote type="cite">
<div style="direction: ltr; font-family: Tahoma;
color: rgb(0, 0, 0); font-size: 10pt;">
<div><br>
<div style="font-family: Tahoma; font-size:
13px;">
<p>regards</p>
<p>Steven Jones</p>
<p>Technical Specialist - Linux RHCE</p>
<p>Victoria University, Wellington, NZ</p>
<p>0064 4 463 6272<br>
</p>
</div>
</div>
<div style="font-family: Times New Roman; color:
rgb(0, 0, 0); font-size: 16px;">
<hr tabindex="-1">
<div id="divRpF82792" style="direction: ltr;"><font
color="#000000" face="Tahoma" size="2"><b>From:</b>
Rich Megginson [<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:rmeggins@redhat.com"
target="_blank">rmeggins@redhat.com</a>]<br>
<b>Sent:</b> Tuesday, 18 September 2012
11:37 a.m.<br>
<b>To:</b> Steven Jones<br>
<b>Cc:</b> <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:freeipa-users@redhat.com"
target="_blank">
freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users]
winsync agreement wipes IPA users<br>
</font><br>
</div>
<div>On 09/17/2012 04:17 PM, Steven Jones
wrote:
<blockquote type="cite">
<style id="owaParaStyle" type="text/css">
<!--
p
{margin-top:0;
margin-bottom:0}
body
{direction:ltr;
font-family:Tahoma;
color:#000000;
font-size:10pt}
p
{margin-top:0;
margin-bottom:0}
body
{scrollbar-base-color:undefined;
scrollbar-highlight-color:undefined;
scrollbar-darkshadow-color:undefined;
scrollbar-arrow-color:undefined}
body
{direction:ltr;
font-family:Tahoma;
color:#000000;
font-size:10pt}
p
{margin-top:0;
margin-bottom:0}
-->
BODY {direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;}P {margin-top:0;margin-bottom:0;}</style>
<div style="direction: ltr; font-family:
Tahoma; color: rgb(0, 0, 0); font-size:
10pt;">
Hi,<br>
<br>
I just tried to do a winsync agreement
with specifying the AD point as
cn=VUW_Staff,dc=staff,dc=vuw,dc=vuw,dc=ac,dc=nz
as my users are not in the users folder
but the VUW_Staff folder (at the same
level) and it wiped all IPA users that
are also in AD.
</div>
</blockquote>
<br>
Yes, this is what happens with <a
moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://fedorahosted.org/389/ticket/355"
target="_blank">
https://fedorahosted.org/389/ticket/355</a><br>
#355 winsync should not delete entry
that appears to be out of scope<br>
<br>
<blockquote type="cite">
<div style="direction: ltr; font-family:
Tahoma; color: rgb(0, 0, 0); font-size:
10pt;">
While doing the actual update does this
get verbosly logged anywhere as opposed
to "update in progress" dumped to the
screen? Something went badly wrong, I
just dont know what.<br>
</div>
</blockquote>
<br>
You are seeing something different than
#355?<br>
<br>
<blockquote type="cite">
<div style="direction: ltr; font-family:
Tahoma; color: rgb(0, 0, 0); font-size:
10pt;">
<div><br>
:/<br>
<br>
<div style="font-family: Tahoma;
font-size: 13px;">
<p>regards</p>
<p>Steven Jones</p>
<p>Technical Specialist - Linux RHCE</p>
<p>Victoria University, Wellington,
NZ</p>
<p>0064 4 463 6272</p>
</div>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"
target="_blank"></fieldset>
<br>
<pre>_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>