[389-users] 389 AD password sync no longer works after upgrade from fds

Jason Solan jsolan at knouse.com
Fri Dec 18 23:41:51 UTC 2009


Hello,
  Recently we've upgraded our fds servers (1.1.3) to 389 (1.2.2).  Doing
so seems to have broken password sync from 389 to Active Directory.  All
other attributes are passing fine and PassSync from AD to 389 is working.
The AD machine has not been updated since before the upgrade of 389, at
which time the sync still worked.

No error occurs in the log, but the sync takes 10 minutes before timing
out and claiming success.  After turning on more logging, the error log
reports:

"AD already has the current password for <CN>. Not sending password
modify to AD."

I brought this up on IRC the other day and got a response that this is
most likely bug:
https://bugzilla.redhat.com/show_bug.cgi?id=537956

(I think that's the bug; Bugzilla is down for maintenance at the time of
this email)

Today I went and re-installed a new server and put fedora-ds on by
excluding the 389* packages.  I imported my directory and enabled
windows sync on this system.  The password sync works fine from this new
system.

Has anyone run into a similar issue?
Is there a way to downgrade after upgrading to 389?
Could the issue have anything to do with the name of the service (i.e.
changing a config parameter that windows sync uses from fedora-ds- to
389-)?
Could this still be the same bug as listed above, or should I open a new
one?


All fds/389 systems are CentOS 5.4

Packages on Working sync:

fedora-ds-console-1.2.0-1.fc6
fedora-ds-base-1.2.0-2.fc6
fedora-ds-dsgw-1.1.2-1.fc6
fedora-ds-admin-1.1.7-3.fc6
fedora-ds-1.1.3-1.fc6
fedora-ds-admin-console-1.1.3-1.fc6


Packages Non-working sync:

389-ds-console-1.2.0-4.el5
389-admin-1.1.8-4.el5
389-console-1.1.3-3.el5
389-ds-console-doc-1.2.0-4.el5
389-ds-1.1.3-4.el5
389-admin-console-1.1.4-1.el5
389-admin-console-doc-1.1.4-1.el5
389-adminutil-1.1.8-3.el5
389-ds-base-1.2.2-1.el5
389-dsgw-1.1.4-1.el5






