[389-users] 389 AD password sync no longer works after upgrade from fds
Rich Megginson
rmeggins at redhat.com
Sat Dec 19 00:07:56 UTC 2009
Jason Solan wrote:
> Hello,
> Recently we've upgraded our fds servers (1.1.3) to 389 (1.2.2). Doing
> so seems to have broken password sync from 389 to Active Directory. All
> other attributes are passing fine and passync from AD to 389 is working.
> The AD machine has not been updated since before the upgrade of 389, at
> which time the sync still worked.
>
> No error occurs in the log, but the sync takes 10 minutes before timing
> out and claiming success. After turning on more logging, the error log
> reports:
>
> "AD already has the current password for <CN>. Not sending password
> modify to AD."
>
> I brought this up on IRC the other day and got a response that this is
> most likely bug:
> https://bugzilla.redhat.com/show_bug.cgi?id=537956
>
> (I think thats the bug, bugzilla is down for maintenance at the time of
> this email)
>
> Today I went and re-installed a new server and put fedora-ds on by
> excluding the 389* packages. I imported my directory and enabled
> windows sync on this system. The password sync works fine from this new
> system.
>
> Has anyone run into a similar issue?
> Is there a way to downgrade after upgrading to 389?
> Could the issue have anything to do with the name of the service (i.e.
> changing a config parameter that windows sync uses from fedora-ds- to
> 389-)?
> Could this still be the same bug as listed above, or should I open a new
> one?
>
Please open a new bug.
>
> All fds/389 systems are centos 5.4
>
> Packages on Working sync:
>
> fedora-ds-console-1.2.0-1.fc6
> fedora-ds-base-1.2.0-2.fc6
> fedora-ds-dsgw-1.1.2-1.fc6
> fedora-ds-admin-1.1.7-3.fc6
> fedora-ds-1.1.3-1.fc6
> fedora-ds-admin-console-1.1.3-1.fc6
>
>
> Packages Non-working sync:
>
> 389-ds-console-1.2.0-4.el5
> 389-admin-1.1.8-4.el5
> 389-console-1.1.3-3.el5
> 389-ds-console-doc-1.2.0-4.el5
> 389-ds-1.1.3-4.el5
> 389-admin-console-1.1.4-1.el5
> 389-admin-console-doc-1.1.4-1.el5
> 389-adminutil-1.1.8-3.el5
> 389-ds-base-1.2.2-1.el5
> 389-dsgw-1.1.4-1.el5
>
>
>
>
>
>
>
> IMPORTANT:
> This transmission is sent on behalf of Knouse Foods ® for business
> purposes. It is for the intended recipient only. If you are not the intended
> recipient or a person responsible for delivering this transmission to
> the intended recipient, you may not disclose, copy or distribute this
> transmission or take any action in reliance on it. If you received this
> transmission in error, please notify us immediately by replying to this
> Email message, and please dispose of and delete this transmission.
> Thank you.
>
> --
> 389 users mailing list
> 389-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
More information about the Fedora-directory-users
mailing list