[389-users] 389 AD password sync no longer works after upgrade from fds
James Roman
james.roman at ssaihq.com
Mon Dec 21 14:51:47 UTC 2009
We just noticed this problem last week as well. I submitted bug:
https://bugzilla.redhat.com/show_bug.cgi?id=549384
Rich Megginson wrote:
> Jason Solan wrote:
>> Hello,
>> Recently we've upgraded our fds servers (1.1.3) to 389 (1.2.2). Doing
>> so seems to have broken password sync from 389 to Active Directory. All
>> other attributes are passing fine and passync from AD to 389 is working.
>> The AD machine has not been updated since before the upgrade of 389, at
>> which time the sync still worked.
>>
>> No error occurs in the log, but the sync takes 10 minutes before timing
>> out and claiming success. After turning on more logging, the error log
>> reports:
>>
>> "AD already has the current password for <CN>. Not sending password
>> modify to AD."
>>
>> I brought this up on IRC the other day and got a response that this is
>> most likely bug:
>> https://bugzilla.redhat.com/show_bug.cgi?id=537956
>>
>> (I think thats the bug, bugzilla is down for maintenance at the time of
>> this email)
>>
>> Today I went and re-installed a new server and put fedora-ds on by
>> excluding the 389* packages. I imported my directory and enabled
>> windows sync on this system. The password sync works fine from this new
>> system.
>>
>> Has anyone run into a similar issue?
>> Is there a way to downgrade after upgrading to 389?
>> Could the issue have anything to do with the name of the service (i.e.
>> changing a config parameter that windows sync uses from fedora-ds- to
>> 389-)?
>> Could this still be the same bug as listed above, or should I open a new
>> one?
>>
> Please open a new bug.
>>
>> All fds/389 systems are centos 5.4
>>
>> Packages on Working sync:
>>
>> fedora-ds-console-1.2.0-1.fc6
>> fedora-ds-base-1.2.0-2.fc6
>> fedora-ds-dsgw-1.1.2-1.fc6
>> fedora-ds-admin-1.1.7-3.fc6
>> fedora-ds-1.1.3-1.fc6
>> fedora-ds-admin-console-1.1.3-1.fc6
>>
>>
>> Packages Non-working sync:
>>
>> 389-ds-console-1.2.0-4.el5
>> 389-admin-1.1.8-4.el5
>> 389-console-1.1.3-3.el5
>> 389-ds-console-doc-1.2.0-4.el5
>> 389-ds-1.1.3-4.el5
>> 389-admin-console-1.1.4-1.el5
>> 389-admin-console-doc-1.1.4-1.el5
>> 389-adminutil-1.1.8-3.el5
>> 389-ds-base-1.2.2-1.el5
>> 389-dsgw-1.1.4-1.el5
>>
>>
>>
>>
>>
>>
>>
>> IMPORTANT: This transmission is sent on behalf of Knouse Foods ® for
>> business
>> purposes. It is for the intended recipient only. If you are not the
>> intended
>> recipient or a person responsible for delivering this transmission to
>> the intended recipient, you may not disclose, copy or distribute this
>> transmission or take any action in reliance on it. If you received this
>> transmission in error, please notify us immediately by replying to this
>> Email message, and please dispose of and delete this transmission.
>> Thank you.
>>
>> --
>> 389 users mailing list
>> 389-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>
> --
> 389 users mailing list
> 389-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
More information about the Fedora-directory-users
mailing list