On 05/16/2014 09:12 PM, DuWayne Holsbeck wrote:
I have a 389 and AD servers set up, and sync agreements configured for
users and groups. The Groups synced fine, but on the AD side there are
no members in the groups. I set the ntGroup objectClass, ntGroupType,
ntGroupCreateNewAccount, ntGroupDeleteAccount, ntUniqueId attributes
on the 389DS side. Initial sync runs without errors.

Am I missing something, or is there a trick to get the Group memberships
to sync up between the 2?

Any suggestions on a fix, or way to troubleshoot the issue would be
greatly appreciated.

Did you set up a single sync agreement? I managed to get group members working when syncing users and groups with a single sync agreement. Due to our LDAP structure, I had to create a sync agreement for the whole root suffix.

389: dc=domain,dc=com ==> AD: ou=ldap,dc=domain,dc=com

Before this, I tried to sync users and groups with separate sync agreements which didn't work. Also check you are running at least version 1.2.11.29. I had general problems with MS Server 2012 R2 with earlier versions.

-Vesa
--
389 users mailing list
https://admin.fedoraproject.org/mailman/listinfo/389-users