Hi all,
I am trying to have one way windows sync (from windows AD to LDAP) but i need to exclude some attributes. Is this possible? I cannot find any documentation on this.
I already try this with 389ds running on CentOS7 and CentOS8 with no result. I am using nsDS5ReplicatedAttributeListTotal and nsDS5ReplicatedAttributeList attributes but i am still getting replicated values of the excluded attributes.
I found this but i am not sure if this is the case: https://bugzilla.redhat.com/show_bug.cgi?id=800101 Can you please provide guidelines on this? Anyone try this before?
Regards,
-- Andry Michaelidou Papa | IT Systems Administrator|Department of Computer Science| University of Cyprus Tel: +357.22.892734 | Fax: +357.22.8927201 | http://www.cs.ucy.ac.cy/~andrim http://www.cs.ucy.ac.cy/%7Eandrim
On 15 Jan 2021, at 18:44, Andry Michaelidou andrim@cs.ucy.ac.cy wrote:
Hi all, I am trying to have one way windows sync (from windows AD to LDAP) but i need to exclude some attributes. Is this possible? I cannot find any documentation on this.
I already try this with 389ds running on CentOS7 and CentOS8 with no result. I am using nsDS5ReplicatedAttributeListTotal and nsDS5ReplicatedAttributeList attributes but i am still getting replicated values of the excluded attributes.
I found this but i am not sure if this is the case: https://bugzilla.redhat.com/show_bug.cgi?id=800101 Can you please provide guidelines on this? Anyone try this before?
Looking at dsconf winsync command I see:
dsconf localhost repl-winsync-agmt create --help ... --frac-list FRAC_LIST List of attributes to NOT replicate to the consumer during incremental updates
Perhaps this is the setting you want?
Regards,
-- Andry Michaelidou Papa | IT Systems Administrator |Department of Computer Science | University of Cyprus Tel: +357.22.892734 | Fax: +357.22.8927201 | http://www.cs.ucy.ac.cy/~andrim
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs, Australia
Hello again,
If i try to run
*dsconf -D "cn=Directory Manager" **ldap://hostname**repl-winsync-agmt set --suffix="dc=xx" --frac-list="mail" "Users Replication"*
i get :
Error: Operations error [18/Jan/2021:11:31:07.744672483 +0200] - ERR - NSMMReplicationPlugin - agmtlist_modify_callback - Failed to update replicated attributes for agreement agmt="cn=Users Replication"
In my point of view seems to be related to https://github.com/389ds/389-ds-base/issues/10 Any developer in the group to verify if this is the case?
*Is fractional replication feasible with winsync or only with normal replication?*
-- Andry Michaelidou Papa | IT Systems Administrator|Department of Computer Science| University of Cyprus Tel: +357.22.892734 | Fax: +357.22.8927201 | http://www.cs.ucy.ac.cy/~andrim http://www.cs.ucy.ac.cy/%7Eandrim
On 18/1/2021 3:29 π.μ., William Brown wrote:
On 15 Jan 2021, at 18:44, Andry Michaelidouandrim@cs.ucy.ac.cy wrote:
Hi all, I am trying to have one way windows sync (from windows AD to LDAP) but i need to exclude some attributes. Is this possible? I cannot find any documentation on this.
I already try this with 389ds running on CentOS7 and CentOS8 with no result. I am using nsDS5ReplicatedAttributeListTotal and nsDS5ReplicatedAttributeList attributes but i am still getting replicated values of the excluded attributes.
I found this but i am not sure if this is the case:https://bugzilla.redhat.com/show_bug.cgi?id=800101 Can you please provide guidelines on this? Anyone try this before?
Looking at dsconf winsync command I see:
dsconf localhost repl-winsync-agmt create --help ... --frac-list FRAC_LIST List of attributes to NOT replicate to the consumer during incremental updates
Perhaps this is the setting you want?
Regards,
-- Andry Michaelidou Papa | IT Systems Administrator |Department of Computer Science | University of Cyprus Tel: +357.22.892734 | Fax: +357.22.8927201 |http://www.cs.ucy.ac.cy/~andrim
389-users mailing list --389-users@lists.fedoraproject.org To unsubscribe send an email to389-users-leave@lists.fedoraproject.org Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs, Australia _______________________________________________ 389-users mailing list --389-users@lists.fedoraproject.org To unsubscribe send an email to389-users-leave@lists.fedoraproject.org Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
Had a chat with another 389 developer, and we think that you can only fractionally replicate from DS to AD. From AD to DS you have to accept all incoming data as we understand it.
You *could* create a custom plugin that strips the attributes you don't want on repl operations, but that could be quite involved.
Sorry about that,
On 19 Jan 2021, at 15:21, Andry Michaelidou andrim@cs.ucy.ac.cy wrote:
Hello again,
If i try to run
dsconf -D "cn=Directory Manager" ldap://hostname repl-winsync-agmt set --suffix="dc=xx" --frac-list="mail" "Users Replication"
i get :
Error: Operations error [18/Jan/2021:11:31:07.744672483 +0200] - ERR - NSMMReplicationPlugin - agmtlist_modify_callback - Failed to update replicated attributes for agreement agmt="cn=Users Replication"
In my point of view seems to be related to https://github.com/389ds/389-ds-base/issues/10 Any developer in the group to verify if this is the case?
Is fractional replication feasible with winsync or only with normal replication?
-- Andry Michaelidou Papa | IT Systems Administrator |Department of Computer Science | University of Cyprus Tel: +357.22.892734 | Fax: +357.22.8927201 | http://www.cs.ucy.ac.cy/~andrim
On 18/1/2021 3:29 π.μ., William Brown wrote:
On 15 Jan 2021, at 18:44, Andry Michaelidou andrim@cs.ucy.ac.cy wrote:
Hi all, I am trying to have one way windows sync (from windows AD to LDAP) but i need to exclude some attributes. Is this possible? I cannot find any documentation on this.
I already try this with 389ds running on CentOS7 and CentOS8 with no result. I am using nsDS5ReplicatedAttributeListTotal and nsDS5ReplicatedAttributeList attributes but i am still getting replicated values of the excluded attributes.
I found this but i am not sure if this is the case: https://bugzilla.redhat.com/show_bug.cgi?id=800101
Can you please provide guidelines on this? Anyone try this before?
Looking at dsconf winsync command I see:
dsconf localhost repl-winsync-agmt create --help ... --frac-list FRAC_LIST List of attributes to NOT replicate to the consumer during incremental updates
Perhaps this is the setting you want?
Regards,
-- Andry Michaelidou Papa | IT Systems Administrator |Department of Computer Science | University of Cyprus Tel: +357.22.892734 | Fax: +357.22.8927201 | http://www.cs.ucy.ac.cy/~andrim
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs, Australia _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs, Australia
389-users@lists.fedoraproject.org