I have FDS installed on FC3 and configured to talk to a SBS AD server.
I believe all is well as far as SSL certificates go and if I leave the
"Sync New Windows Users" option off in my Windows replication agreement,
I can readily complete full resyncs and incremental. All of my
non-regular users (mostly Group and the likes of the (disabled)
Guest account) show up in my FDS directory. No users with passwords show
up, though I'm not suggesting that's the reason they don't show up, but
that's the only thing in common I can imagine.
The AD user that I have the replication agreement set up as is an
Administrator, and if I bind to my AD tree via LDAP with another tool I
can see all the users just fine.
I further believe that I likely have the Password Sync Service set up
correctly, as again the user mentioned in the agreement is a valid user
and from an external browsing tool works fine. I've used certutil.exe -L
and verified the certs in the Redhat Password sync directory are correct
(I have both CA and regular cert in there) and trusted.
If I install from scratch and do not enable the syncing of all users,
complete and incremental updates work just fine. I'm not 100% certain I
have my entire FDS configured correctly, but thanks to many people in
IRC (notably richm!) I believe it's probably ok. I'm very willing to
review possible areas for mistakes there.
However, once I enable the 'Sync New Windows Users' option, updates never
finish, the load as shown in top(1) is at 100% usage, and I have to kill
the slapd process with -9 to get it to stop (though it's still
responsive, but somehow seems stuck on the replication it has not
completed) and I see this in strace:

poll([{fd=24, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLIN}], 3, 250) = 0
gettimeofday({1120864747, 807852}, NULL) = 0

over and over again.
Any ideas? You can find me in the IRC channel as 'rasp'.
Thank you