[Fedora-directory-users] Groups Sync with AD
David Boreham
david_list at boreham.org
Mon Jan 9 21:17:53 UTC 2006
Daniel Shackelford wrote:
> I am using FDS 1.0.1, syncing with AD. User sync works just fine. I
> have a separate sync agreement for groups, but membership does not
> seem to be synced...
> I do get errors that look like this:
>
> [09/Jan/2006:15:43:58 -0500] NSMMReplicationPlugin -
> agmt="cn=ADGroupSYnc" (bsod:636): windows_replay_update: failed to
> fetch local entry for modify operation
> dn="uid=teststudent,ou=students,ou=people,dc=arbor,dc=edu"
>
> And some like this:
>
> [09/Jan/2006:15:40:45 -0500] - slapi_modify_internal_set_pb: NULL
> parameter
> [09/Jan/2006:15:40:45 -0500] - allow_operation: component identity is
> NULL
>
>
> And a couple of these:
> [09/Jan/2006:15:40:41 -0500] - Entry
> "cn=testgroup,ou=portal,ou=uGroups, dc=arbor,dc=edu" -- attribute
> "mail" not allowed
> [09/Jan/2006:15:40:41 -0500] NSMMReplicationPlugin -
> windows_update_local_entry: failed to modify entry
> cn=testgroup,ou=portal,ou=uGroups, dc=arbor, dc=edu
>
> Any insight?
>
Hmm...yes. Unfortunately when I said earlier that this two agreement
scheme would work, I was smoking crack.
I forgot that we have a check on the group members : we don't sync
members that are not also
subject to the sync agreement. It has no way to know that you have those
members sync'ed
with another agreement, and hence assumed that they're not sync'ed. This
will mean that it will
refuse to sync any group content.
More information about the Fedora-directory-users
mailing list