thr3ads.net - Fedora directory users - [Fedora-directory-users] Windows Sync: Full re-syncronization fails [Oct 2008]

If this information is useful, please help other people find it:
Share via:

Erling Ringen Elvsrud

2008-Oct-09 09:03 UTC

[Fedora-directory-users] Windows Sync: Full re-syncronization fails

I have just configured Windows sync (I use RHDS 8.0/RHEL 5.1). When
initiating a full re-syncronization I get these log-entries from the
Linux side:

[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin - Running Dirsync
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): State: wait_for_changes ->
wait_for_changes
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): State: wait_for_changes ->
ready_to_acquire_replica
[03/Oct/2008:13:05:40 +0200] - acquire_replica, supplier RUV:
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin - supplier:
{replicageneration} 48e5d6030000ffff0000
[03/Oct/2008:13:05:40 +0200] - acquire_replica, consumer RUV:
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin - consumer:
{replicageneration} 48e5d6030000ffff0000
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): Trying non-secure slapi_ldap_init
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): binddn = Cn=srvLinuxLDAP,
cn=users,dc=utv,dc=internsone2,dc=local,  passwd
{DES}5OZLz0E4j2onl1VNZhRT3g=[03/Oct/2008:13:05:40 +0200] - windows_conn_connect
: detected Win2k3 peer
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): No linger to cancel on the
connection
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
windows_acquire_replica returned success (101)
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): State: ready_to_acquire_replica
-> sending_updates
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): No changes to send
[03/Oct/2008:13:05:40 +0200] - Sending dirsync search request
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): Beginning linger on the
connection
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): Linger timeout has expired on the
connection
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): State: sending_updates ->
wait_for_changes
[03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
agmt="cn=testsync" (e24dcvw001:389): Disconnected from the consumer
>From the AD side I get this in the event-log:
Internal event: The LDAP server returned an error.

Additional Data
Error value:
00002105: LdapErr: DSID-0C0907C9, comment: Error processing control,
data 0, vece

Anyone familiar with these problems?

Do you know if it is possible to log all ldap-queries sent to AD from DS? I have
enabled all possible logging, but I cannot find the query from the full re-sync
operation in the logs.

Best regards,

Erling

Rich Megginson

2008-Oct-09 13:20 UTC

head link

Re: [Fedora-directory-users] Windows Sync: Full re-syncronization fails

Erling Ringen Elvsrud wrote:> I have just configured Windows sync (I use RHDS 8.0/RHEL 5.1). When
> initiating a full re-syncronization I get these log-entries from the
> Linux side:
>
> [03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin - Running Dirsync
> [03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
> agmt="cn=testsync" (e24dcvw001:389): State: wait_for_changes
->
> wait_for_changes
> [03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
> agmt="cn=testsync" (e24dcvw001:389): State: wait_for_changes
->
> ready_to_acquire_replica
> [03/Oct/2008:13:05:40 +0200] - acquire_replica, supplier RUV:
> [03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin - supplier:
> {replicageneration} 48e5d6030000ffff0000
> [03/Oct/2008:13:05:40 +0200] - acquire_replica, consumer RUV:
> [03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin - consumer:
> {replicageneration} 48e5d6030000ffff0000
> [03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
> agmt="cn=testsync" (e24dcvw001:389): Trying non-secure
slapi_ldap_init
> [03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
> agmt="cn=testsync" (e24dcvw001:389): binddn = Cn=srvLinuxLDAP,
> cn=users,dc=utv,dc=internsone2,dc=local,  passwd >
{DES}5OZLz0E4j2onl1VNZhRT3g=> [03/Oct/2008:13:05:40 +0200] -
windows_conn_connect : detected Win2k3 peer
> [03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
> agmt="cn=testsync" (e24dcvw001:389): No linger to cancel on the
> connection
> [03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
> windows_acquire_replica returned success (101)
> [03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
> agmt="cn=testsync" (e24dcvw001:389): State:
ready_to_acquire_replica
> -> sending_updates
> [03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
> agmt="cn=testsync" (e24dcvw001:389): No changes to send
> [03/Oct/2008:13:05:40 +0200] - Sending dirsync search request
> [03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
> agmt="cn=testsync" (e24dcvw001:389): Beginning linger on the
> connection
> [03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
> agmt="cn=testsync" (e24dcvw001:389): Linger timeout has expired
on the
> connection
> [03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
> agmt="cn=testsync" (e24dcvw001:389): State: sending_updates ->
> wait_for_changes
> [03/Oct/2008:13:05:40 +0200] NSMMReplicationPlugin -
> agmt="cn=testsync" (e24dcvw001:389): Disconnected from the
consumer
>
> >From the AD side I get this in the event-log:
>
> Internal event: The LDAP server returned an error.
>
> Additional Data
> Error value:
> 00002105: LdapErr: DSID-0C0907C9, comment: Error processing control,
> data 0, vece
>
> Anyone familiar with these problems?
>   Looks like AD received an invalid LDAP message.  I''ve seen this before 
when the DirSync control is not formed correctly.  But I''m not sure how
this could happen.  I suggest running tcpdump or wireshark to capture 
the LDAP traffic between Fedora DS and AD to see what LDAP message is 
being sent.> Do you know if it is possible to log all ldap-queries sent to AD from DS? I
have
> enabled all possible logging, but I cannot find the query from the full
re-sync
> operation in the logs.
>
> Best regards,
>
> Erling
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

Erling Ringen Elvsrud

2008-Oct-09 15:34 UTC

head link

Re: [Fedora-directory-users] Windows Sync: Full re-syncronization fails

On Thu, Oct 9, 2008 at 3:20 PM, Rich Megginson <rmeggins@redhat.com>
wrote:
[...]>
> Looks like AD received an invalid LDAP message.  I''ve seen this
before when
> the DirSync control is not formed correctly.  But I''m not sure how
this
> could happen.  I suggest running tcpdump or wireshark to capture the LDAP
> traffic between Fedora DS and AD to see what LDAP message is being sent.
Thanks for the suggestion. I will try tomorrow.


Erling

Fedora directory users - Oct 2008 - Windows Sync: Full re-syncronization fails

[Fedora-directory-users] Windows Sync: Full re-syncronization fails

Re: [Fedora-directory-users] Windows Sync: Full re-syncronization fails

Re: [Fedora-directory-users] Windows Sync: Full re-syncronization fails