Dear 389-ds community,
I have a question about windows sync agreement. Here¹s the scenario:
two Windows DC¹s and two 389-ds servers as below.
Question1: Can I setup a one-way winsync i.e from windows to ldap? I have
tried it and it was like hit or miss. I did this by not giving the ³write²
permissions to AD for ³CN=Sync Manager². Is this valid way of sync-ing one
way? I have error messages ³Replica has no update vector. It has never been
initialized². I did a full-resynchronization and it went well without
errors. But I am not seeing any entry updates.
Question2: If I have windows sync on both the 389-ds sync-ing to a diferent
DC. Does it cause any loop or issues. The problem I am facing is, that I
have different OU¹s in AD like ou=Marketing, ou=Finance, ou=Customers and
only one ³ou=People² in 389-ds.
I want only one-way sync. AD-->389-ds
Topology I am trying to make work. Please share your comments.
|--------| |------- |
| DC-1 | <---replication----> | DC-2 |
|---------| |-------- |
| 389-1 | <---replication----> | 389-2 |
Show replies by date