Hi,

We use 389DS and AD with a Winsync method.

Our LDAP DIT :
* dc=toutou,dc=fr
** dc=orleans,dc=toutou,dc=fr
*** ou=people,dc=orleans,dc=toutou,dc=fr
*** ou=group,dc=orleans,dc=toutou,dc=fr
** dc=bondy,dc=toutou,dc=fr
*** ou=people,dc=bondy,dc=toutou,dc=fr
*** ou=group,dc=bondy,dc=toutou,dc=fr

Our AD DIT :
* dc=toutou,dc=org
** ou=orleans,dc=toutou,dc=org
*** ou=utilisateurs, ou=toutou, dc=ird,dc=org
*** ou=groupes, ou=toutou,dc=ird,dc=org

One can see some OU names are different, such as DIT root.

So we created a sync agreement as
ou=people,dc=orleans,dc=toutou,dc=fr --- ou=utilisateurs, ou=toutou, dc=ird,dc=org

All seems to be ok.

However, we need to sync other subtrees, like
ou=people,dc=bondy,dc=toutou,dc=fr
It seems 389DS wants to synchronize high level entries which are not specified in the agreement. As it tries to do it for each sub agreement, failure occurs with a duplicate value error.

How can we do this?

Log
[08/Oct/2009:15:26:31 +0200] NSMMReplicationPlugin - agmt="cn=win bdy" (maqsvrdc0001:636): Replica has no update vector. It has never been initialized.
[08/Oct/2009:15:26:33 +0200] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=win bdy" (maqsvrdc0001:636)".
[08/Oct/2009:15:26:33 +0200] - add value "" to attribute type "ARecord" in entry "DC=@,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=toutou,DC=org" failed: duplicate new value
[08/Oct/2009:15:26:34 +0200] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=win bdy" (maqsvrdc0001:636)". Sent 0 entries.

--
=========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
Tel: 02 38 49 95 88
==========================================

2009/10/8 Emmanuel BILLOT <emmanuel.billot@ird.fr>:
> Hi,
>
> We use 389DS and AD with a Winsync method.
> Our LDAP DIT :
> * dc=toutou,dc=fr
> ** dc=orleans,dc=toutou,dc=fr
> *** ou=people,dc=orleans,dc=toutou,dc=fr
> *** ou=group,dc=orleans,dc=toutou,dc=fr
> ** dc=bondy,dc=toutou,dc=fr
> *** ou=people,dc=bondy,dc=toutou,dc=fr
> *** ou=group,dc=bondy,dc=toutou,dc=fr
>
> Our AD DIT :
> * dc=toutou,dc=org
> ** ou=orleans,dc=toutou,dc=org
> *** ou=utilisateurs, ou=toutou, dc=ird,dc=org
> *** ou=groupes, ou=toutou,dc=ird,dc=org
>
> One can see some OU names are different, such as DIT root.
>
> So we created a sync agreement as
> ou=people,dc=orleans,dc=toutou,dc=fr --- ou=utilisateurs, ou=toutou,
> dc=ird,dc=org
>
> All seems to be ok.
>
> However, we need to sync other subtrees, like
> ou=people,dc=bondy,dc=toutou,dc=fr
> It seems 389DS wants to synchronize high level entries which are not
> specified in the agreement. As it tries to do it for each sub agreement,
> failure occurs with a duplicate value error.
>
> How can we do this?

Replication is set for an entire database.
So I guess you'd need to host a sub-ou on a different database to enable a Windows sync on this particular sub-ou.

http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Replication.html#Replication_Overview-Unit_of_Replication

Regards,

J.

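One way to lay out the separate database suggested in the reply above, as LDIF for ldapmodify (an added example, not part of the original thread and not the project's own configuration). The backend name, replica ID and every value in angle brackets are assumed placeholders; the agreement name, host and port are taken from the log in the first message, and the changelog is assumed to be enabled already.

```ldif
# Added example: constructed values; <...> are placeholders to fill in.
# 1. Separate database (backend) for the sub-suffix; the name "bondy" is assumed.
dn: cn=bondy,cn=ldbm database,cn=plugins,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
objectClass: nsBackendInstance
cn: bondy
nsslapd-suffix: dc=bondy,dc=toutou,dc=fr

# 2. Mapping tree entry that routes the sub-suffix to the new backend.
dn: cn="dc=bondy,dc=toutou,dc=fr",cn=mapping tree,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: "dc=bondy,dc=toutou,dc=fr"
nsslapd-state: backend
nsslapd-backend: bondy
nsslapd-parent-suffix: "dc=toutou,dc=fr"

# 3. Replica entry: the unit of replication is this database (ID 2 is assumed).
dn: cn=replica,cn="dc=bondy,dc=toutou,dc=fr",cn=mapping tree,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
objectClass: nsDS5Replica
cn: replica
nsDS5ReplicaRoot: dc=bondy,dc=toutou,dc=fr
nsDS5ReplicaId: 2
nsDS5ReplicaType: 3
nsDS5Flags: 1

# 4. Windows sync agreement scoped to the people subtree of this database.
dn: cn=win bdy,cn=replica,cn="dc=bondy,dc=toutou,dc=fr",cn=mapping tree,cn=config
changetype: add
objectClass: top
objectClass: nsDSWindowsReplicationAgreement
cn: win bdy
nsDS5ReplicaRoot: dc=bondy,dc=toutou,dc=fr
nsDS5ReplicaHost: maqsvrdc0001
nsDS5ReplicaPort: 636
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindDN: <AD-SYNC-ACCOUNT-DN>
nsDS5ReplicaCredentials: <AD-SYNC-ACCOUNT-PASSWORD>
nsds7WindowsDomain: <AD-DOMAIN-NAME>
nsds7WindowsReplicaSubtree: <AD-SUBTREE-FOR-BONDY-USERS>
nsds7DirectoryReplicaSubtree: ou=people,dc=bondy,dc=toutou,dc=fr
nsds7NewWinUserSyncEnabled: on
```

Entries already stored under dc=bondy,dc=toutou,dc=fr in the parent database have to be exported and imported into the new backend before the agreement is initialized.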
Jérôme Fenal wrote:
> 2009/10/8 Emmanuel BILLOT <emmanuel.billot@ird.fr>:
>
>> Hi,
>>
>> We use 389DS and AD with a Winsync method.
>> Our LDAP DIT :
>> * dc=toutou,dc=fr
>> ** dc=orleans,dc=toutou,dc=fr
>> *** ou=people,dc=orleans,dc=toutou,dc=fr
>> *** ou=group,dc=orleans,dc=toutou,dc=fr
>> ** dc=bondy,dc=toutou,dc=fr
>> *** ou=people,dc=bondy,dc=toutou,dc=fr
>> *** ou=group,dc=bondy,dc=toutou,dc=fr
>>
>> Our AD DIT :
>> * dc=toutou,dc=org
>> ** ou=orleans,dc=toutou,dc=org
>> *** ou=utilisateurs, ou=toutou, dc=ird,dc=org
>> *** ou=groupes, ou=toutou,dc=ird,dc=org
>>
>> One can see some OU names are different, such as DIT root.
>>
>> So we created a sync agreement as
>> ou=people,dc=orleans,dc=toutou,dc=fr --- ou=utilisateurs, ou=toutou,
>> dc=ird,dc=org
>>
>> All seems to be ok.
>>
>> However, we need to sync other subtrees, like
>> ou=people,dc=bondy,dc=toutou,dc=fr
>> It seems 389DS wants to synchronize high level entries which are not
>> specified in the agreement. As it tries to do it for each sub agreement,
>> failure occurs with a duplicate value error.
>>
>> How can we do this?
>>
>
> Replication is set for an entire database.
> So I guess you'd need to host a sub-ou on a different database to
> enable a Windows sync on this particular sub-ou.
>
> http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Replication.html#Replication_Overview-Unit_of_Replication
>
> Regards,
>

Ok, I will try this.
However, what are those specific entries that DS tries to synchronize? Why does it not use only the defined subtrees?
Does it mean that in case of a DIT which contains several OU with Users and Groups, we have to split in "small" DB for Winsync?

> J.
>
> --
> 389 users mailing list
> 389-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

--
=========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
Tel: 02 38 49 95 88
==========================================