Bug 704295

Summary: RFE: allow a group-only sync agreement to see users in other sync agreements from the same DC
Product: [Retired] 389 Reporter: Joshua Roys <roysjosh>
Component: Replication - GeneralAssignee: Rich Megginson <rmeggins>
Status: CLOSED DUPLICATE QA Contact: Ben Levenson <benl>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 1.2.8CC: nhosoi
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-12 22:11:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 512820    

Description Joshua Roys 2011-05-12 17:32:58 UTC 
Description of problem:
Our AD setup has users in ou=$UNIT,ou=Personnel,$BASE and groups in ou=Groups,ou=Global,$BASE.  We have a sync agreement in place for every $UNIT OU and the Groups OU.  The Groups sync can't see any users because they are outside the scope of itself.


Version-Release number of selected component (if applicable):
1.2.8.3


Actual results:
NSMMReplicationPlugin - received entry from dirsync: CN=Roys\, Joshua,OU=$UNIT,OU=Personnel,$BASE
NSMMReplicationPlugin - agmt="cn=Org Groups" (dc01:636): map_entry_dn_inbound: looking for local entry matching AD entry [CN=Roys\, Joshua,OU=$UNIT,OU=Personnel,$BASE]
NSMMReplicationPlugin - agmt="cn=Org Groups" (dc01:636): map_entry_dn_inbound: looking for local entry by guid [fd1c....]
NSMMReplicationPlugin - agmt="cn=Org Groups" (dc01:636): map_entry_dn_inbound: problem looking for guid: -1
NSMMReplicationPlugin - agmt="cn=Org Groups" (dc01:636): map_entry_dn_inbound: looking for local entry by uid [jroys]
NSMMReplicationPlugin - agmt="cn=Org Groups" (dc01:636): map_entry_dn_inbound: problem looking for username: -1

dse.ldif snippets:

dn: cn=Org Groups,cn=replica,cn=$BASE,cn=mapping tree,cn=config
objectClass: top
objectClass: nsDSWindowsReplicationAgreement
description: Org Groups
cn: Org Groups
nsds7WindowsReplicaSubtree: ou=Groups,ou=Global,$BASE
nsds7DirectoryReplicaSubtree: ou=Groups,$BASE
nsds7NewWinUserSyncEnabled: off
nsds7NewWinGroupSyncEnabled: on
nsds7WindowsDomain: $DOMAIN
nsDS5ReplicaRoot: $BASE
nsDS5ReplicaHost: dc01.$DOMAIN
nsDS5ReplicaPort: 636
nsDS5ReplicaBindDN: $BINDDN
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaCredentials: $PASS
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=config
createTimestamp: 20110510124714Z
modifyTimestamp: 20110512172057Z

dn: cn=Org $UNIT,cn=replica,$BASE,cn=mapping tree,cn=config
objectClass: top
objectClass: nsDSWindowsReplicationAgreement
description: Org $UNIT
cn: Org $UNIT
nsds7WindowsReplicaSubtree: ou=$UNIT,ou=Personnel,$BASE
nsds7DirectoryReplicaSubtree: ou=$UNIT,ou=People,$BASE
nsds7NewWinUserSyncEnabled: on
nsds7NewWinGroupSyncEnabled: on
nsds7WindowsDomain: $DOMAIN
nsDS5ReplicaRoot: $BASE
nsDS5ReplicaHost: dc01.$DOMAIN
nsDS5ReplicaPort: 636
nsDS5ReplicaBindDN: $BINDDN
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaCredentials: $PASS
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=config
createTimestamp: 20110429190248Z
modifyTimestamp: 20110512172057Z
Comment 3 Martin Kosek 2012-01-04 13:23:17 UTC 
Upstream ticket:
https://fedorahosted.org/389/ticket/44
Comment 5 Noriko Hosoi 2015-11-12 22:11:31 UTC 

*** This bug has been marked as a duplicate of bug 746646 ***