> I have 389 and AD servers set up, and sync agreements configured for
> users and groups. The groups synced fine, but on the AD side there are
> no members in the groups. I set the ntGroup objectClass, ntGroupType,
> ntGroupCreateNewAccount, ntGroupDeleteAccount, ntUniqueId attributes
> on the 389DS side. Initial sync runs without errors.
>
> Am I missing something, or is there a trick to get the Group memberships
> to sync up between the 2?
>
> Any suggestions on a fix, or way to troubleshoot the issue would be
> greatly appreciated.

Did you set up a single sync agreement? I managed to get group members
working when syncing users and groups with a single sync agreement. Due to
our LDAP structure, I had to create a sync agreement for the whole root
suffix.

389: dc=domain,dc=com ==> AD: ou=ldap,dc=domain,dc=com

Before this, I tried to sync users and groups with separate sync
agreements, which didn't work. Also check you are running at least
version 1.2.11.29. I had general problems with MS Server 2012 R2 with
earlier versions.

-Vesa
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
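
A scope check for the layout discussed in this thread, as an added example that is not part of the original messages or of the 389 project's code. It assumes a group member is only carried to AD when its DN lies inside the directory subtree of an agreement that also covers the group (in a real deployment the subtrees would be read from each agreement's `nsds7DirectoryReplicaSubtree`); the helper names and the sample DNs are constructed for illustration.

```python
def rdns(dn):
    """Normalise a DN into lower-cased RDNs (no escaped-comma handling)."""
    return ["=".join(p.strip() for p in rdn.split("=", 1)).lower()
            for rdn in dn.split(",") if rdn.strip()]

def in_subtree(dn, base):
    """True when dn equals base or sits below it."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def members_out_of_scope(subtrees, groups):
    """Map group DN -> members not covered by any agreement covering the group."""
    report = {}
    for group_dn, members in groups.items():
        covering = [s for s in subtrees if in_subtree(group_dn, s)]
        if not covering:
            report[group_dn] = list(members)  # the group itself is out of scope
            continue
        missing = [m for m in members
                   if not any(in_subtree(m, s) for s in covering)]
        if missing:
            report[group_dn] = missing
    return report

# Constructed sample data (assumed layout under the suffix from the thread).
SEPARATE = ["ou=People,dc=domain,dc=com", "ou=Groups,dc=domain,dc=com"]
SINGLE = ["dc=domain,dc=com"]
GROUPS = {
    "cn=admins,ou=Groups,dc=domain,dc=com": [
        "uid=alice,ou=People,dc=domain,dc=com",
        "uid=bob,ou=People,dc=domain,dc=com",
    ],
}

if __name__ == "__main__":
    for label, subtrees in (("separate", SEPARATE), ("single", SINGLE)):
        print(label, members_out_of_scope(subtrees, GROUPS))
```
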