possible. I think I tried the all-in-one approach, but there was some
kind of issue. The MS server is 2008 R2.
The DS server is version 1.3.1. The attributes set on the groups are
ntgroupcreatenewgroup = on, ntgroupdeletegroup = on, ntuniqueid
= xxxxxxxxxxxxxx, ntuserdomainid = "group name". It has the ntgroup
objectClass, and a list of uniquemembers.
Cheers
DuWayne
On Sun, 2014-05-18 at 20:42 +0300, Vesa Alho wrote:
> On 05/16/2014 09:12 PM, DuWayne Holsbeck wrote:
> > I have a 389 and AD servers setup, and sync agreements configured for
> > users, and groups. The Groups synced fine, but on the AD side there are
> > no members in the groups. I set the ntGroup objectClass, ntGroupType,
> > ntGroupCreateNewAccount, ntGroupDeleteAccount, ntUniqueId attributes set
> > on the 389DS side. Initial sync runs without errors.
> >
> > Am I missing something, or is there a trick to get the Group memberships
> > to sync up between the 2?
> >
> > Any suggestions on a fix, or way to troubleshoot the issue would be
> > greatly appreciated.
>
> Did you set up a single sync agreement? I managed to get group members
> working when syncing users and groups with a single sync agreement. Due to
> our ldap structure, I had to create a sync agreement for the whole root
> suffix.
>
> 389: dc=domain,dc=com ==> AD: ou=ldap,dc=domain,dc=com
>
> Before this, I tried to sync users and groups with separate sync
> agreements which didn't work. Also check you are running at least
> version 1.2.11.29. I had general problems with MS Server 2012 R2 with
> earlier versions.
>
> -Vesa
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users