[389-users] Re: 389 DS sync issue with Active Directory

Mon, 19 Sep 2022 04:41:19 -0700 


On 9/19/22 3:05 AM, Darshan B wrote:

Hello Team

I have a question on sync between  389 DS  and windows active Directoty.
I have followed this link to 
https://documentation.suse.com/sles/15-SP3/html/SLES-all/cha-security-ldap.html 
for Synchronizing with Microsoft Active Directory(6.11) with 389 DS , I'm able 
to create the repl-winsync-agmt  but while checking its status using sudo 
dsconf ldap1 repl-winsync-agmt init-status i'm getting below error .

Error:
[16/Sep/2022:16:25:45.129760205 +051800] - ERR - slapi_ldap_bind - Could not send bind 
request for id [CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com] authentication 
mechanism [SIMPLE]: error -1 (Can't contact LDAP server), system error -5950 (File not 
found.), network error 107 (Transport endpoint is not connected, host 
"192.168.56.106:389")
This means the replication agreement can not connect to the AD server.   Perhaps your winsync agreement is not configured correctly.  Please provide the agreement entry from 389 DS. 

Thanks,
Mark



I'm able to do ldapsearch on Active directory but repl-winsync-agmt init-status 
command is giving the network error.

ldapseach command:
ldapsearch -x -h 192.168.56.106 -p 389 -b "CN=Users,dc=training,dc=itadmin,dc=com" -D 
"CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com" -w "Test@123" dn

repl-winsync-agmt create  command used:

sudo dsconf -D "cn=ldap1-infra1" -w "#CEEadmin123" ldap1 repl-winsync-agmt create --suffix "dc=openstack,dc=org"  --host 
192.168.56.106 --port 389 --conn-protocol LDAPS   --bind-dn "CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com"   --bind-passwd "Test@123" 
--win-subtree "CN=Users,DC=training,DC=itadmin,DC=com"   --ds-subtree "dc=openstack,dc=org" --one-way-sync fromWindows   --sync-users=on 
--sync-groups=on --move-action delete   --win-domain "trainingitadmin.com" adsync_agreement

Let me know what should be done to resolve this network error
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue


--
Directory Server Development Team
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to