
List:       fedora-directory-devel
Subject:    [389-devel] Please review: [389 Project] #48: Active Directory has certain uids which are reserved a
From:       Noriko Hosoi <nhosoi () redhat ! com>
Date:       2013-08-16 22:21:53
Message-ID: 520EA601.7070006 () redhat ! com

https://fedorahosted.org/389/ticket/48

https://fedorahosted.org/389/attachment/ticket/48/0001-Ticket-48-Active-Directory-has-certain-uids-which-ar.patch


  Bug description: Some account names (e.g. "service") are reserved
  in Active Directory.  If DS has an entry having such an NT user ID
  and the entry is synchronized to the AD, it fails with
  LDAP_ALREADY_EXISTS, but the error is gracefully ignored.  In the
  total update, updating Account Control bit follows the failed add,
  which fails since the AD entry WinSync expects does not exist and
  it aborts the total update.

  Fix description: If adding a DS entry to AD fails and the updating
  Account Control bit also fails, the following note is logged in
  the error log and the total update continues:
    windows_process_total_add: Creating AD entry "cn=service service,
    cn=Users,dc=EXAMPLE,dc=COM" from DS entry "uid=service,ou=People,
    dc=example,dc=com" failed. AD reserves the account name. Ignoring
    the error...

  In addition, in windows_parse_config_entry, if the attribute values
  in the agreement are retrieved before the agreement is started, the
  following error is logged, which is not necessary.  This patch
  stops logging it if the agreement does not set "protocol" yet.
    Replication agreement for agmt="cn=WinSync" could not be updated.
    For replication to take place, please enable the suffix and restart
    the server.

--
389-devel mailing list
389-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

