Le 10/07/2015 15:58, Biernath, Jutta a écrit :
Hi Clément,
>>>Indeed, this just allow to page entries, not values in an attribute
(which is called range). With AD , this script could help to manage
range of attributes:
http://lsc-project.org/wiki/documentation/howto/adrangescript
I’ve tried this script, but there was no difference.
>>>I would advice to set threads to 1 (-t1).
Ok.
>>>You indeed found the good parameter to set the timeout value: -i. But
it is not normal to have an error, what shows the log file?
The mentioned error was the only one. There was no other.
>>>It should be with the -i parameter. If it doesn't work, it maybe a bug
with the daemon mode. Are you sure to not have time limitations
configured on OpenLDAP side?
We have tried the task in dry run before and it didn’t show this
behavior. This error just appears if we synchronize to the real AD.
It may be a time limitation on AD side in this case as the timeout seems
to occur in the modification operation. Are you that this operation is
successful ?
>>>Maybe you should try to run LSC in batch mode as a workaround, let's
say every five minutes, to get a working synchronization.
This could be a solution. But the errors still make me nervous.
I can understand this. Maybe the timeout parameter is not taken into
account by LSC when doing the modification... You may need to change the
timeout settings on AD side
(http://prowiki.isc.upenn.edu/wiki/Solving_timeout_issues_with_ActiveDirectory)
--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
