[Fedora-directory-users] Problem with getting FDS and AD to sync

Fri Oct 26 19:24:13 UTC 2007

On Oct 25, 2007, at 12:50 PM, Richard Megginson wrote:

> Timothy Hunt wrote:
>> I've taken over control of an FDS and an AD server which had been  
>> set up before I got to it.  I'm still fairly new to LDAP and  
>> related things.  I come from a unix background rather than windows.
>>
>> At some point, users put into FDS were replicated on the AD server  
>> correctly.  Subsequently, the flat "structure" of the users in FDS  
>> was improved to be more hierarchical.  However, new users added  
>> into FDS are not being added into AD.  I'm also not familiar  
>> enough with AD to know where to see the OU structure that is  
>> present in FDS in AD.  I'm not even sure if AD would have that  
>> structure.  I'm at a bit of a loss as to how to start diagnosing  
>> where the problem is, let alone fixing it.
>>
>> I've looked at http://directory.fedoraproject.org/wiki/ 
>> Howto:WindowsSync but as that is focussed on setting it up  
>> initially, I'm not sure how much of it applies.
> http://www.redhat.com/docs/manuals/dir-server/ag/7.1/sync.html#2836267
>>
>>

Thanks, Richard,

As our AD server isn't yet being used, I decided to break the  
existing sync agreement, wipe the users on the AD server, and start a  
new sync agreement.

I've got "replication" logging set and I'm getting this in the FDS  
log files

[26/Oct/2007:14:15:38 -0500] NSMMReplicationPlugin -  
agmt="cn=fs2" (fs2:636): Replication session backing off for 191 seconds
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin -  
agmt="cn=fs2" (fs2:636): State: backoff -> backoff
[26/Oct/2007:14:18:50 -0500] - acquire_replica, supplier RUV:
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - supplier:  
{replicageneration} 4693ce97000000010000
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin - supplier:  
{replica 1 ldap://ds1.intraisp.com:389} 469ee73e000000010000  
47223b23000000010000 47223b23
[26/Oct/2007:14:18:50 -0500] - acquire_replica, consumer RUV:
[26/Oct/2007:14:18:50 -0500] - acquire_replica, consumer RUV = null
[26/Oct/2007:14:18:50 -0500] - acquire_replica, supplier RUV is newer
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin -  
agmt="cn=fs2" (fs2:636): Trying secure slapi_ldap_init
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin -  
agmt="cn=fs2" (fs2:636): binddn =  
CN=Administrator,CN=Users,DC=directory,DC=intraisp,DC=com,  passwd =  
{DES}cwngvvY1zCw=
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin -  
agmt="cn=fs2" (fs2:636): Disconnected from the consumer
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin -  
agmt="cn=fs2" (fs2:636): Beginning linger on the connection
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin -  
agmt="cn=fs2" (fs2:636): No linger on the closed conn
[26/Oct/2007:14:18:50 -0500] NSMMReplicationPlugin -  
agmt="cn=fs2" (fs2:636): Replication session backing off for 299 seconds

the "summary" tab of the AD sync agreement on FDS says
Last update message: - LDAP error: Can't contact LDAP server: Error  
Code: 81

But I can connect to port 636 on the AD server from the RDS box  
without a problem.

Any suggestions?

Timothy