Unfortunately one thing is still missing in Winsync configuration.
Changing the Windows Subtree config, i've noticed that it replicates full DN and if missing in the destination(ex: contained OU in AD), D389 it fails.
Just to explain me well.
The source AD subtree has become:
dc=lab,dc=local
The Destination D389 subtree is:
ou=Internal Users,ou=people,dc=lab,dc=com
Syncing, for example a user like "CN=Test User28,CN=Users,DC=lab,DC=local" from AD to D389, Winsync tries to find destination like "CN=Test User28,cn=users,ou=internal users,ou=people,dc=lab,dc=com" and it fails because in D389 cn=users does not exist.
Error example:
[09/Dec/2021:16:54:24.989240510 +0100] - ERR - NSMMReplicationPlugin - windows sync - windows_update_local_entry - Failed to rename entry ("uid=test.user28,ou=Internal Users,ou=people,dc=lab,dc=com"); LDAP error - 32 (newrdn: "uid=test.user28", newsuperior: "cn=users,ou=internal users,ou=people,dc=lab,dc=com"
[09/Dec/2021:16:54:25.006162407 +0100] - DEBUG - NSMMReplicationPlugin - windows sync - windows_process_dirsync_entry - agmt="cn=AD2D389" (labdc1:636) - Failed to update inbound entry for CN=Test User 28,CN=D389Sync,DC=lab,DC=local.
Is there any way to replicate only the relative parts without searching for a full DN?
or
Can Winsync create/replicate missing Ous or containers?
What am i missing?
Many Thanks
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
No comments:
Post a Comment