[389-users] loss of group members in AD after initialization of sync

Richard Megginson rmeggins at redhat.com
Wed Jun 17 21:05:19 UTC 2009


----- "Jean-Noel Chardron" <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:

> Richard Megginson wrote:
> > ----- "jean-Noël Chardron" <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
> >
> >   
> >> hello,
> >>
> >> When I initiate a first full synchronization of DS and AD I lost
> >> members in groups
> >>
> >> error log shows :
> >>
> >> [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry matching AD entry [CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr]
> >> [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by guid [c0e73a492ffbc04c9e85781a68f45023]
> >> [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1
> >> [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by uid [SFC]
> >> [...]
> >> [10/Jun/2009:15:00:11 +0200] - Windows sync entry: Adding new local entry dn: cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr
> >> objectClass: top
> >> objectClass: groupofuniquenames
> >> objectClass: ntGroup
> >> ntGroupDeleteGroup: true
> >> cn: SFC
> >> description: Service Financier et Comptable
> >> uniqueMember: uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr
> >> uniqueMember:[...]
> >> follow 10 members
> >>
> >> [...]
> >> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - received entry from dirsync: CN=MX,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
> >> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry matching AD entry [CN=MX,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr]
> >> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by guid [0cdf6e627d64684cb10c70b3b8753fda]
> >> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1
> >> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by uid [MX]
> >> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for username: -1
> >> [10/Jun/2009:15:00:24 +0200] - Windows sync entry: Adding new local entry dn: uid=MX,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr
> >> objectClass: top
> >> objectClass: person
> >> objectClass: organizationalperson
> >> objectClass: inetOrgPerson
> >> objectClass: ntUser
> >> ntUserDeleteAccount: true
> >> uid: MX
> >> sn: MX
> >> givenName: Guillaume
> >> cn: MX
> >> ntUserCodePage: 0
> >> ntUserAcctExpires: 0
> >> ntUserDomainId: MX
> >> mail: Guillaume.MX at dr15.cnrs.fr
> >> ntUniqueId: 0cdf6e627d64684cb10c70b3b8753fda
> >>
> >>
> >> [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): windows_process_total_entry: Looking dn="cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" (ours)
> >> [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS dn="cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" guid="c0e73a492ffbc04c9e85781a68f45023"
> >> [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS dn="cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" username="SFC"
> >> [10/Jun/2009:15:01:34 +0200] - Calling windows entry search request plugin
> >> [10/Jun/2009:15:01:34 +0200] - windows_search_entry: recieved 2 messages, 1 entries, 0 references
> >> [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_outbound: found AD entry dn="CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr"
> >> [10/Jun/2009:15:01:34 +0200] - Calling windows entry search request plugin
> >> [10/Jun/2009:15:01:34 +0200] - windows_search_entry: recieved 2 messages, 1 entries, 0 references
> >> [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - windows_generate_update_mods: CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr, description : values are equal
> >> [10/Jun/2009:15:01:35 +0200] - map_dn_values: no local entry found for uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr
> >> [10/Jun/2009:15:01:35 +0200] - map_dn_values: no local entry found for uid=
> >>
> >> [follow 10 entries,]
> >>
> >> [10/Jun/2009:15:01:35 +0200] - Calling windows entry search request plugin
> >> [10/Jun/2009:15:01:35 +0200] - windows_search_entry: recieved 2 messages, 1 entries, 0 references
> >> [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry matching AD entry [CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr]
> >> [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by guid [72a7171ffaa0d84a9ca4ec2d90a4ab2b]
> >> [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1
> >> [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by uid [essaibug]
> >> [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for username: -1
> >> [10/Jun/2009:15:01:35 +0200] - Calling windows entry search request plugin
> >> [10/Jun/2009:15:01:35 +0200] - windows_search_entry: recieved 2 messages, 1 entries, 0 references
> >>
> >> [10/Jun/2009:15:01:38 +0200] NSMMReplicationPlugin - windows_generate_update_mods: CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr, sAMAccountName : values are equal
> >> [10/Jun/2009:15:01:38 +0200] - smod - windows sync
> >> [10/Jun/2009:15:01:38 +0200] - smod 0 - delete: member
> >> [10/Jun/2009:15:01:38 +0200] - smod 0 - value: member: CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
> >> [10/Jun/2009:15:01:38 +0200] - smod 1 - delete: member
> >> [10/Jun/2009:15:01:38 +0200] - smod 1 - value: member:
> >>
> >> [follow the 10 entries]
> >>
> >> [10/Jun/2009:15:01:39 +0200] NSMMReplicationPlugin - windows_update_remote_entry: modifying entry CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
> >> [10/Jun/2009:15:01:39 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): Received result code 0 () for modify operation
> >>
> >> [10/Jun/2009:15:01:55 +0200] - map_dn_values: no local entry found for uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr
> >>
> >> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - received entry from dirsync: CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
> >> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry matching AD entry [CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr]
> >> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by guid [72a7171ffaa0d84a9ca4ec2d90a4ab2b]
> >> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1
> >> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by uid [essaibug]
> >> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for username: -1
> >> [10/Jun/2009:15:05:52 +0200] - Windows sync entry: Adding new local entry dn: uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr
> >> objectClass: top
> >> objectClass: person
> >> objectClass: organizationalperson
> >> objectClass: inetOrgPerson
> >> objectClass: ntUser
> >> ntUserDeleteAccount: true
> >> uid: essaibug
> >> sn: essaibug
> >> cn: essaibug
> >> ntUserCodePage: 0
> >> ntUserAcctExpires: 9223372036854775807
> >> ntUserDomainId: essaibug
> >> ntUniqueId: 72a7171ffaa0d84a9ca4ec2d90a4ab2b
> >>
> >> [10/Jun/2009:15:07:13 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS dn="uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" guid="72a7171ffaa0d84a9ca4ec2d90a4ab2b"
> >> [10/Jun/2009:15:07:13 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS dn="uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" username="essaibug"
> >> [10/Jun/2009:15:07:13 +0200] - Calling windows entry search request plugin
> >> [10/Jun/2009:15:07:13 +0200] - windows_search_entry: recieved 2 messages, 1 entries, 0 references
> >> [10/Jun/2009:15:07:13 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_outbound: found AD entry dn="CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr"
> >>
> >> (following the translation of google)
> >> I suppose that during the initialization of the replication, groups
> >> have lost members (group sfc) with the logs in order explicit removal
> >> of the member in the group, sent by the DS to AD. The most likely
> >> explanation is that the process is sequential but with a dispatch
> >> from AD to DS-anarchic, with a group can be created before members in
> >> DS users. These are leading to a later stage in a request for
> >> suppression AD DS to members of the group that did not exist before
> >> the creation of the group. This is "normal" since DS checks the
> >> consistency of information and therefore the group members. The
> >> solution to this problem is to create manually in the AD to add the
> >> lost members in the group or may be to initialize sync twice in a
> >> closed time.
> >>
> >> The administrator of the Windows server and the AD insulted me as a
> >> result of this blunder.
> >> I asked him if he had a backup of the AD. He had not.
> >>
> >>     
> >
> > So let me see if I understand what is happening:
> > DS attempts to sync some groups from AD - since the user does not
> > exist, it deletes the member from the group.  Then it syncs the group
> > back to AD, and deletes those users from AD.
> > Is that correct?
> > I suppose a workaround would be to make sure all of the users are
> > first added to DS, then sync the groups.
> >
> yes, that is correct.

Ok.  Please open a bug about this issue.  Is there a way to make sure all of the users are synced first?

> 
> >> -- 
> >>
> >> Jean-Noel Chardron
> >>
> >>
> >> --
> >> 389 users mailing list
> >> 389-users at redhat.com
> >> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >>     
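
The sequence described in this thread (a `delete: member` mod pushed to AD, then the same user created locally only afterwards) can be picked out of the DS error log. The following is an added example, not part of the original messages or of 389 DS: the function names are hypothetical, the sample lines are unwrapped from the excerpt quoted above, and it assumes replication logging at the level shown there with one log entry per line.

```python
import re

# Sample lines unwrapped from the log excerpt quoted in this thread.
SAMPLE_LOG = """\
[10/Jun/2009:15:01:35 +0200] - map_dn_values: no local entry found for uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr
[10/Jun/2009:15:01:38 +0200] - smod - windows sync
[10/Jun/2009:15:01:38 +0200] - smod 0 - delete: member
[10/Jun/2009:15:01:38 +0200] - smod 0 - value: member: CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
[10/Jun/2009:15:01:39 +0200] NSMMReplicationPlugin - windows_update_remote_entry: modifying entry CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
[10/Jun/2009:15:01:39 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): Received result code 0 () for modify operation
[10/Jun/2009:15:05:52 +0200] - Windows sync entry: Adding new local entry dn: uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr
"""

SMOD_DEL = re.compile(r"- smod (\d+) - delete: member\s*$")
SMOD_VAL = re.compile(r"- smod (\d+) - value: member: (.+)$")
MODIFY = re.compile(r"windows_update_remote_entry: modifying entry (.+)$")
RESULT = re.compile(r"Received result code (-?\d+) ")
ADD_LOCAL = re.compile(r"Adding new local entry dn: (.+)$")

def rdn_value(dn):
    """First RDN value, lower-cased (naive split; ignores escaped commas)."""
    return dn.split(",", 1)[0].split("=", 1)[1].strip().lower()

def find_member_removals(log_text):
    """Return one record per member DN the sync deleted from an AD group."""
    findings, deletes, pending, last = [], set(), [], []
    for line in log_text.splitlines():
        if "smod - windows sync" in line:
            deletes, pending = set(), []   # a new outbound modify is being built
        elif m := SMOD_DEL.search(line):
            deletes.add(m.group(1))
        elif m := SMOD_VAL.search(line):
            if m.group(1) in deletes:
                pending.append(m.group(2).strip())
        elif m := MODIFY.search(line):
            last = [{"group": m.group(1).strip(), "member": dn, "ad_result": None,
                     "created_locally_later": False} for dn in pending]
            findings += last
            pending = []
        elif m := RESULT.search(line):
            for f in last:
                f["ad_result"] = int(m.group(1))
            last = []
        elif m := ADD_LOCAL.search(line):
            for f in findings:             # user arrived after its membership was dropped
                if rdn_value(f["member"]) == rdn_value(m.group(1)):
                    f["created_locally_later"] = True
    return findings
```

A record with `ad_result` 0 and `created_locally_later` set marks a membership that was removed from AD only because the group was processed before its member; those are the group/member pairs to restore on the AD side.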



