Hi all. I have managed to set up FDS with SSL and I am able to sync users from FDS to windows 2003 AD, but I have a problem syncing groups. I have created a group called staff but I am unable to sync that group. The error message I get in the error log is : NSMMReplicationPlugin - agmt="cn=Active dir" (badabing:636): windows_replay_update: failed to fetch local entry for add operatio n dn="cn=rhi_staff,dc=rhi,dc=hi,dc=is" Can anyone tell me what this error means and how to fix it ? regards Jon
Jón Björn Njálsson wrote:> NSMMReplicationPlugin - agmt="cn=Active dir" (badabing:636): >windows_replay_update: failed to fetch local entry for add operatio >n dn="cn=rhi_staff,dc=rhi,dc=hi,dc=is" > >Can anyone tell me what this error means and how to fix it ? > >This is rather strange. It''s saying that the add operation for your group was found in the changelog, but when the sync code tried to fetch the entry from the database, it failed. I''m not sure how that could have happened (it can''t even happen if the entry is deleted because its tombstone remains). Did anything out of the ordinary happen between adding the group entry and the message ? (power outage, restored database from backup, that kind of thing) ?
Jón Björn Njálsson
2005-Oct-12 21:02 UTC
Re: [Fedora-directory-users] windows sync problem
No nothing like that. I was wondering how can I create a group with nt-attributes ? I noticed that this group doesn´t have an NT attribute. Could that be the problem ?> Jón Björn Njálsson wrote: > >> NSMMReplicationPlugin - agmt="cn=Active dir" (badabing:636): >>windows_replay_update: failed to fetch local entry for add operatio >>n dn="cn=rhi_staff,dc=rhi,dc=hi,dc=is" >> >>Can anyone tell me what this error means and how to fix it ? >> >> > This is rather strange. It''s saying that the add operation for > your group was found in the changelog, but when the sync > code tried to fetch the entry from the database, it failed. > I''m not sure how that could have happened (it can''t even > happen if the entry is deleted because its tombstone remains). > > Did anything out of the ordinary happen between adding > the group entry and the message ? (power outage, restored > database from backup, that kind of thing) ? > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Jón Björn Njálsson wrote:>No nothing like that. I was wondering how can I create a group with >nt-attributes ? > >I noticed that this group doesn´t have an NT attribute. >Could that be the problem ? > >Ah, yes. The error message is therefore a bit misleading. It means that the entry didn''t match the critera for a windows group. If you create the group first and then add the nt attributes, you will need to initiate a full sync in order to get it over to AD (because otherwise it''ll fail in the same way and then the modify will not get propagated because the entry doesn''t already exist in AD).