Howdy, I am using FDS 1.0.1, syncing with AD. User sync works just fine. I have a separate sync agreement for groups, but membership does not seem to be synced... I do get errors that look like this: [09/Jan/2006:15:43:58 -0500] NSMMReplicationPlugin - agmt="cn=ADGroupSYnc" (bsod:636): windows_replay_update: failed to fetch local entry for modify operation dn="uid=teststudent,ou=students,ou=people,dc=arbor,dc=edu" And some like this: [09/Jan/2006:15:40:45 -0500] - slapi_modify_internal_set_pb: NULL parameter [09/Jan/2006:15:40:45 -0500] - allow_operation: component identity is NULL And a couple of these: [09/Jan/2006:15:40:41 -0500] - Entry "cn=testgroup,ou=portal,ou=uGroups, dc=arbor,dc=edu" -- attribute "mail" not allowed [09/Jan/2006:15:40:41 -0500] NSMMReplicationPlugin - windows_update_local_entry: failed to modify entry cn=testgroup,ou=portal,ou=uGroups, dc=arbor, dc=edu Any insight? -- Daniel Shackelford Systems Administrator Technology Services Spring Arbor University 517 750-6648 "For even the Son of Man did not come to be served, but to serve, and to give His life a ransom for many" Mark 10:45
Daniel Shackelford wrote:> I am using FDS 1.0.1, syncing with AD. User sync works just fine. I > have a separate sync agreement for groups, but membership does not > seem to be synced... > I do get errors that look like this: > > [09/Jan/2006:15:43:58 -0500] NSMMReplicationPlugin - > agmt="cn=ADGroupSYnc" (bsod:636): windows_replay_update: failed to > fetch local entry for modify operation > dn="uid=teststudent,ou=students,ou=people,dc=arbor,dc=edu" > > And some like this: > > [09/Jan/2006:15:40:45 -0500] - slapi_modify_internal_set_pb: NULL > parameter > [09/Jan/2006:15:40:45 -0500] - allow_operation: component identity is > NULL > > > And a couple of these: > [09/Jan/2006:15:40:41 -0500] - Entry > "cn=testgroup,ou=portal,ou=uGroups, dc=arbor,dc=edu" -- attribute > "mail" not allowed > [09/Jan/2006:15:40:41 -0500] NSMMReplicationPlugin - > windows_update_local_entry: failed to modify entry > cn=testgroup,ou=portal,ou=uGroups, dc=arbor, dc=edu > > Any insight? >Hmm...yes. Unfortunately when I said earlier that this two agreement scheme would work, I was smoking crack. I forgot that we have a check on the group members : we don''t sync members that are not also subject to the sync agreement. It has no way to know that you have those members sync''ed with another agreement, and hence assumed that they''re not sync''ed. This will mean that it will refuse to sync any group content.