Hi,
thanks for your reply, I'm able to list the user with ldapsearch and I
can't find any conflict entries described in the article. The 4.1
environment is only 1 server connected to active directory. Forgot to
reply to the list before, doh!
I've noticed a difference between users in 3.0 and 4.1 though, migrated
users in the 4.1 does not have an entry in "
cn=groups,cn=accounts,dc=sub,dc=domain,dc=tld" while users in 3.0 have this.
Example:
FreeIPA 4.1 environment:
# ldapsearch -xLLL -D "cn=directory manager" -W
-b"cn=batman,cn=groups,cn=accounts,dc=sub,dc=domain,dc=tld"
Enter LDAP Password:
No such object (32) Matched DN:
cn=groups,cn=accounts,dc=sub,dc=domain,dc=tld
FreeIPA 3.0 environment:
# ldapsearch -xLLL -D "cn=directory manager" -W -b
"cn=batman,cn=groups,cn=accounts,dc=sub,dc=domain,dc=tld"
Enter LDAP Password:
dn: cn=batman,cn=groups,cn=accounts,dc=dev,dc=sub,dc=domain,dc=tld
objectClass: posixgroup
objectClass: ipaobject
objectClass: mepManagedEntry
objectClass: top
cn: batman
gidNumber: 1486600065
description: User private group for batman
mepManagedBy: uid=batman,cn=users,cn=accounts,dc=sub,dc=domain,dc=tld
ipaUniqueID: 139f6140-5074-11e5-a09d-005056914c0c
/andreas
On 09/09/2015 04:29 PM, Rich Megginson wrote:
On 09/09/2015 03:39 AM, Martin Basti wrote:
On 09/09/2015 10:50 AM, Andreas Calminder wrote:
Forgot to write that deleting users in active directory not migrated
with the migrate-ds command works fine, it's only migrated users
present in the ad that breaks the winsync agreement on deletion.
On 09/09/2015 10:35 AM, Andreas Calminder wrote:
Hi,
I've asked in #freeipa on freenode but to no avail, figured I'll
ask here as well, since I think I've actually hit a bug or (quite)
possibly I've done something moronic configuration/migration -wise.
I've got an existing FreeIPA 3.0.0 environment running with a fully
functioning winsync agreement and passsync service with the windows
environments active directory, I'm trying to migrate the 3.0.0
environments users into a freshly installed 4.1 (rhel7)
environment, after migration I setup a winsync agreement and make
it bi-directional (one-way sync from windows) everything seems to
be working alright until I delete a migrated user from the Active
Directory, after the winsync picks up on the change it'll break and
suggests a re-initialize. After the re-initialization the agreement
seems to be fine, however the deleted user are still present in the
ipa 4.1 environment and cannot be deleted. The webgui and ipa cli
says: ipauser1: user not found. ipa user-find ipauser1 finds the
user and it's visible in the ui.
Anyone had the same problem or anything similar or any pointers on
where to start looking?
Regards,
Andreas
Hello, this might be a replication conflict.
Can you list that user via ldapsearch to check if this is replication
conflict?
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
Use the latest docs, just in case they are more accurate:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code