AD Sync Fails with: R00002105: LdapErr: DSID-0C0907C9, comment: Error processing control, data 0, vece.
Using: - 389 DS 8.1 - AD 2003/2008
I am trying to sync from AD (one way) to 389 DS and getting the following error:
R00002105: LdapErr: DSID-0C0907C9, comment: Error processing control, data 0, vece.
A tcpdump does not appear to reveal anything in the way of errors and I got the above error from the packet capture.
Any idea how to continue troubleshooting or resolve this issue?
I can query AD via ldapsearch using the AD credential set that I have configured in the sync agreement.
Thanks,
On 07/11/2011 09:31 PM, Josh Miller wrote:
Using:
- 389 DS 8.1
8.1???? Platform? rpm -qi 389-ds-base
- AD 2003/2008
I am trying to sync from AD (one way) to 389 DS and getting the following error:
R00002105: LdapErr: DSID-0C0907C9, comment: Error processing control, data 0, vece.
A tcpdump does not appear to reveal anything in the way of errors
Could you post an excerpt from it?
and I got the above error from the packet capture.
Any idea how to continue troubleshooting or resolve this issue?
I can query AD via ldapsearch using the AD credential set that I have configured in the sync agreement.
389 uses the AD DirSync Control for reading the list of changes. The bind DN you are using to connect to AD must have Replicator rights in order to use this control.
Thanks,
On 7/12/2011 7:33 AM, Rich Megginson wrote:
Hi Rich, thanks for the response.
On 07/11/2011 09:31 PM, Josh Miller wrote:
Using:
- 389 DS 8.1
8.1???? Platform? rpm -qi 389-ds-base
Name : centos-ds-base Relocations: (not relocatable) Version : 8.1.0 Vendor: CentOS Release : 0.14.el5.centos.2 Build Date: Thu 14 May 2009 06:38:31 AM PDT Install Date: Thu 03 Feb 2011 12:15:02 PM PST Build Host: builder10.centos.org Group : System Environment/Daemons Source RPM: centos-ds-base-8.1.0-0.14.el5.centos.2.src.rpm Size : 5117970 License: GPLv2 with exceptions Signature : DSA/SHA1, Tue 26 May 2009 03:33:09 PM PDT, Key ID a8a447dce8562897 URL : http://www.centos.org/ Summary : CentOS Directory Server (base) Description : CentOS Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.
- AD 2003/2008
I am trying to sync from AD (one way) to 389 DS and getting the following error:
R00002105: LdapErr: DSID-0C0907C9, comment: Error processing control, data 0, vece.
A tcpdump does not appear to reveal anything in the way of errors
Could you post an excerpt from it?
I've attached the portion of the package capture between the 3-way hand-shake between the domain controller and when the directory server begins sending it's entries back to the domain controller.
and I got the above error from the packet capture.
Any idea how to continue troubleshooting or resolve this issue?
I can query AD via ldapsearch using the AD credential set that I have configured in the sync agreement.
389 uses the AD DirSync Control for reading the list of changes. The bind DN you are using to connect to AD must have Replicator rights in order to use this control.
I believe this has been done already, although I have no access to the domain to verify this other than through LDAP. I have confirmed this with the windows admin twice now to be sure.
Thanks,
Thanks a lot,
On 07/19/2011 08:55 PM, Josh Miller wrote:
On 7/12/2011 7:33 AM, Rich Megginson wrote:
Hi Rich, thanks for the response.
On 07/11/2011 09:31 PM, Josh Miller wrote:
Using:
- 389 DS 8.1
8.1???? Platform? rpm -qi 389-ds-base
Name : centos-ds-base Relocations: (not relocatable) Version : 8.1.0 Vendor: CentOS Release : 0.14.el5.centos.2 Build Date: Thu 14 May 2009 06:38:31 AM PDT Install Date: Thu 03 Feb 2011 12:15:02 PM PST Build Host: builder10.centos.org Group : System Environment/Daemons Source RPM: centos-ds-base-8.1.0-0.14.el5.centos.2.src.rpm Size : 5117970 License: GPLv2 with exceptions Signature : DSA/SHA1, Tue 26 May 2009 03:33:09 PM PDT, Key ID a8a447dce8562897 URL : http://www.centos.org/ Summary : CentOS Directory Server (base) Description : CentOS Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.
32-bit or 64-bit?
- AD 2003/2008
I am trying to sync from AD (one way) to 389 DS and getting the following error:
R00002105: LdapErr: DSID-0C0907C9, comment: Error processing control, data 0, vece.
A tcpdump does not appear to reveal anything in the way of errors
Could you post an excerpt from it?
I've attached the portion of the package capture between the 3-way hand-shake between the domain controller and when the directory server begins sending it's entries back to the domain controller.
I know tshark has a mode that can produce a hex dump along with a "printable" view. I need to see the hex dump.
Can you also provide your centos-ds windows sync agreement entry?
and I got the above error from the packet capture.
Any idea how to continue troubleshooting or resolve this issue?
I can query AD via ldapsearch using the AD credential set that I have configured in the sync agreement.
389 uses the AD DirSync Control for reading the list of changes. The bind DN you are using to connect to AD must have Replicator rights in order to use this control.
I believe this has been done already, although I have no access to the domain to verify this other than through LDAP. I have confirmed this with the windows admin twice now to be sure.
There is a python-ldap script you can use for testing. See https://github.com/richm/scripts/blob/master/dirsyncctrl.py
You will have to edit the script to provide your windows sync DN, hostname, port, password, and suffix. Then run it like
python dirsyncctrl.py
Thanks,
Thanks a lot,
389-users@lists.fedoraproject.org
-
Josh Miller -
Rich Megginson