Bug 818727

Summary: incorrect Windows Subtree change instructions
Product: Red Hat Enterprise Linux 6 Reporter: Rich Megginson <rmeggins>
Component: doc-Identity_Management_GuideAssignee: Deon Ballard <dlackey>
Status: CLOSED CURRENTRELEASE QA Contact: ecs-bugs
Severity: medium Docs Contact:
Priority: medium    
Version: 6.3CC: jskeoch
Target Milestone: rcKeywords: Documentation
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-07-03 02:44:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Rich Megginson 2012-05-03 19:46:01 UTC
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/managing-sync-agmt.html#changing-subtree

and in fedora 15

7.3.4. Changing the Synchronized Windows Subtree

fedora 16 has a different place

https://docs.fedoraproject.org/en-US/Fedora/16/html/FreeIPA_Guide/managing-sync-agmt.html#tab.sync-agmt-attrs


8.4.4. Changing the Synchronized Windows Subtree

This is incorrect:
dn: cn=ipa-winsync,cn=plugins,cn=config

This is what it should say:

First, find the DN of your windows sync agreement:

 ldapsearch -xLLL -D "cn=directory manager" -w password -p 389 -h ipaserver.example.com -b cn=config objectclass=nsdswindowsreplicationagreement dn nsds7WindowsReplicaSubtree

 dn: cn=meToWindowsBox.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dco
  m,cn=mapping tree,cn=config
 nsds7WindowsReplicaSubtree: cn=users,dc=example,dc=com

Next, with that dn: line, use ldapmodify:

 ldapmodify -x -D "cn=directory manager" -w password -p 389 -h ipaserver.example.com <<EOF
 dn: cn=meToWindowsBox.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dco
  m,cn=mapping tree,cn=config
 changetype: modify
 replace: nsds7WindowsReplicaSubtree
 nsds7WindowsReplicaSubtree: cn=alternateusers,dc=example,dc=com
 EOF

 modifying entry "cn=meToWindowsBox.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config"

The change should take effect immediately, or as soon as the current sync operation is completed.

Comment 3 Deon Ballard 2012-06-22 21:51:30 UTC
Updated procedure in the RHEL 6 docs:

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/managing-sync-agmt.html#changing-subtree

Fedora is identical, but changes will be published later.