Hi, It turns out it was mistake from our end, we were checking too early before the actual replication was done completely. Now that works properly.
The direction of replication is from AD -> 389 DS But now we have a new requirement which is to copy from multiple Source Subtree from Windows to Linux. To get both subtrees I used the winSyncSubtreePair multivalued attribute. This is the replication agreement we have right now dn: cn=UsersSyncAgreement,cn=replica,cn=dc\=example\,dc\=com\,cn=mapping tree,cn=config changetype: add objectclass: top objectclass: nsDSWindowsReplicationAgreement cn: UsersSyncAgreement winSyncSubtreePair: cn=Users,dc=adexample,dc=com:ou=userandgroups,dc=example,dc=com winSyncSubtreePair: ou=ItalyGroups,dc=adexample,dc=com:ou=userandgroups,dc=example,dc=com nsds7NewWinUserSyncEnabled: on nsds7NewWinGroupSyncEnabled: on nsds7WindowsDomain: adexample.com nsDS5ReplicaRoot: dc=example,dc=com nsDS5ReplicaHost: adexample.com nsDS5ReplicaPort: 389 nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicaBindDN: cn=replication user,cn=Users,dc=adexample,dc=com nsDS5ReplicaBindMethod: SIMPLE nsDS5ReplicaCredentials: secret winSyncInterval: 1200 We want to copy both subtrees cn=Users and ou=ItalyGroups from the AD to 389 DS subtree ou=userandgroups,dc=example,dc=com. Once the 389 Directory Server is installed, and this replication agreement is configured, I am able to access the 389 DS. But once I initialize this replication agreement using the following dn: cn=UsersSyncAgreement,cn=replica,cn=dc\=example\,dc\=com\,cn=mapping tree,cn=config changetype: modify replace: nsds5BeginReplicaRefresh nsds5BeginReplicaRefresh: start The dirsrv service crashes. Can you help me with this problem, Am I configuring something wrong in the above replication agreement? Thank you Abhishek Deb On Sun, Jun 30, 2019 at 9:24 PM William Brown <wbr...@suse.de> wrote: > > > > On 25 Jun 2019, at 05:09, Abhisheyk Deb <abhisheyk...@gmail.com> wrote: > > > > Hi, > > > > We have the following setup. > > > > Active Directory Server in US. > > 389 DS Server in Italy. > > > > We are able to access the Active Directory Server from 389 DS. > > We installed the sync agreement. No body is touching the AD, the number > of objects that should copied is 21. But every time we are running the > replication agreement, the number of objects being copied is always > different. How can that be if there is no change happening at the AD > Server. > > > > Is the replication done over UDP or TCP. > > > > Also is it because of distance and delay that is causing the > synchronization issues. > > > > If some can elaborate in this issue, it would be really helpful. > > Sorry for the very late reply, > > Replication like this, can be partial - it may not send all objects or > structures, just ones defined in the agreement. > > I think we'll need to see your winsync agreement from cn=config to know > more, and to see what kind of objects are being sent, and what is not. > > Is it objects from 389 to AD or in the other direction that are/are not > being synced? > > Thanks, > > > > > Thank you > > Abhishek Deb > > _______________________________________________ > > 389-users mailing list -- 389-users@lists.fedoraproject.org > > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org > > — > Sincerely, > > William Brown > > Senior Software Engineer, 389 Directory Server > SUSE Labs > _______________________________________________ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org >
_______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org