I had everything setup to sync to my domain controller and things were working fine. Recently I saw this message in the logs:
[30/Apr/2010:11:59:10 -0500] NSMMReplicationPlugin - agmt="cn=toto.hra.local" (10:636): windows_replay_update: Cannot replay add operation.
So I thought maybe I would try to remove the agreement and re-add it and re-initalize. After doing this now I get this message again along with the every 5 seconds.
[30/Apr/2010:12:01:31 -0500] NSMMReplicationPlugin - agmt="cn=toto.hra.local" (10:636): Replica has no update vector. It has never been initialized.
This is on 389-ds 1.2.5 running on x86_64 RHEL 5.4
I think this all started when I added an ipHost entry to an OU that should not even be looked at for syncing purposes. Any ideas on how to clear this up so I can sync with windows again? I'm not using the create new users or groups, just trying to sync passwords.
I turned replication debug logging on and this part looks interesting to me:
[30/Apr/2010:12:48:17 -0500] NSMMReplicationPlugin - agmt="cn=toto" (10:636): map_entry_dn_outbound: entry not found - rc 0 [30/Apr/2010:12:48:17 -0500] NSMMReplicationPlugin - agmt="cn=toto" (10:636): Received result code 32 (0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'OU=HRA,DC=hra,DC=local' ) for add operation [30/Apr/2010:12:48:17 -0500] NSMMReplicationPlugin - agmt="cn=toto" (10:636): windows_replay_update: Cannot replay add operation. [30/Apr/2010:12:48:17 -0500] NSMMReplicationPlugin - agmt="cn=toto" (10:636): Beginning linger on the connection [30/Apr/2010:12:48:17 -0500] NSMMReplicationPlugin - agmt="cn=toto" (10:636): windows_tot_run: failed to obtain data to send to the consumer; LDAP error - 1 [30/Apr/2010:12:48:17 -0500] NSMMReplicationPlugin - agmt="cn=toto" (10:636): No linger to cancel on the connection [30/Apr/2010:12:48:17 -0500] NSMMReplicationPlugin - agmt="cn=toto" (10:636): Disconnected from the consumer
On Fri, Apr 30, 2010 at 12:03 PM, Aaron Hagopian airhead1@gmail.com wrote:
I had everything setup to sync to my domain controller and things were working fine. Recently I saw this message in the logs:
[30/Apr/2010:11:59:10 -0500] NSMMReplicationPlugin - agmt="cn=toto.hra.local" (10:636): windows_replay_update: Cannot replay add operation.
So I thought maybe I would try to remove the agreement and re-add it and re-initalize. After doing this now I get this message again along with the every 5 seconds.
[30/Apr/2010:12:01:31 -0500] NSMMReplicationPlugin - agmt="cn=toto.hra.local" (10:636): Replica has no update vector. It has never been initialized.
This is on 389-ds 1.2.5 running on x86_64 RHEL 5.4
I think this all started when I added an ipHost entry to an OU that should not even be looked at for syncing purposes. Any ideas on how to clear this up so I can sync with windows again? I'm not using the create new users or groups, just trying to sync passwords.
Aaron Hagopian wrote:
I had everything setup to sync to my domain controller and things were working fine. Recently I saw this message in the logs:
[30/Apr/2010:11:59:10 -0500] NSMMReplicationPlugin - agmt="cn=toto.hra.local" (10:636): windows_replay_update: Cannot replay add operation.
So I thought maybe I would try to remove the agreement and re-add it and re-initalize. After doing this now I get this message again along with the every 5 seconds.
[30/Apr/2010:12:01:31 -0500] NSMMReplicationPlugin - agmt="cn=toto.hra.local" (10:636): Replica has no update vector. It has never been initialized.
This happens sometimes. Not sure why, but sometimes you have to re-init a few times before it actually starts working.
This is on 389-ds 1.2.5 running on x86_64 RHEL 5.4
I think this all started when I added an ipHost entry to an OU that should not even be looked at for syncing purposes.
Does it have any user/person related or group related object classes?
Any ideas on how to clear this up so I can sync with windows again? I'm not using the create new users or groups, just trying to sync passwords.
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Just figured it out. I had written a script that finds people with the same username (which is uniformly how we've done it) in both active directory and 389ds. If they had the same username in both (I manually verified these were correct matches) I added the ntUser class and set their username in 389ds.
I didn't have a prob on the initial init because I hadn't run my script yet and only had a couple i added by hand. I then ran my script which ended up pulling in people that were deleted in the AD side but on a blind search they show up from the deleted user's OU (or something like that). Once I figured that out I also found a couple of people that were active accounts but were not in the subtree I had setup the windows sync for which also caused the problem.
So I wrote a new script to remove the ntUser objectClass for people not in the substree I was planning on syncing and did a new initialization of the consumer and it worked.
On Fri, Apr 30, 2010 at 1:41 PM, Rich Megginson rmeggins@redhat.com wrote:
Aaron Hagopian wrote:
I had everything setup to sync to my domain controller and things were working fine. Recently I saw this message in the logs:
[30/Apr/2010:11:59:10 -0500] NSMMReplicationPlugin - agmt="cn=toto.hra.local" (10:636): windows_replay_update: Cannot replay add operation.
So I thought maybe I would try to remove the agreement and re-add it and re-initalize. After doing this now I get this message again along with the every 5 seconds.
[30/Apr/2010:12:01:31 -0500] NSMMReplicationPlugin - agmt="cn=toto.hra.local" (10:636): Replica has no update vector. It has never been initialized.
This happens sometimes. Not sure why, but sometimes you have to re-init a few times before it actually starts working.
This is on 389-ds 1.2.5 running on x86_64 RHEL 5.4
I think this all started when I added an ipHost entry to an OU that should not even be looked at for syncing purposes.
Does it have any user/person related or group related object classes?
Any ideas on how to clear this up so I can sync with windows again? I'm not using the create new users or groups, just trying to sync passwords.
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
389-users@lists.fedoraproject.org