Idsync resync error

Hi,
I installed ISW and all the required connectors. But when I use the idsync resync command , I always get invalid options error.
Trying to sync from ds5.2 to AD
idsync resync -D "cn=Directory Manager" -w password -o Sun -c
The DN used above is the DN for Ds5.2
I am new to this , can any one help.
Thanks,

You also need to supply the configuration password using the -q option. Hope this helps.
Tony

Similar Messages

Idsync resync java error Sun-- NT

Hello there,
We're trying to sync a Sun DS 5.2 with Id Sync for Windows 1 2003Q4 with an NT primary domain controller, and have run into some errors when idsync resync is run for the first time.
# ./idsync resync -D "cn=Directory Manager" -w "ourpassword" -h ldap.ourdomain.edu -p 389 -s "o=ourdomain.org" -q "ourpassword" -o Sun -c
Validating and starting refresh operation '1100205769552'. Hit Ctrl-C to cancel.
User progress:
# Entries sent: 1
User progress:
# Entries sent: 2
Refresh operation '1100205769552' failed because connector 'CNN101' was reset.
The central error and audit logs show that ldap & NT are communicating, but the NT side throws a java error when refresh SUL action is sent:
[11/Nov/2004:15:33:09.468 -0500] FINE 16 CNN101 test-pdc "The controller has received the following outbound action from the agent: Type: REFRESH SUL: SUL1NT {Data Attrs: [UNSPEC user_full_name: Sun Sync]} {Other Attrs: ntuserguid: 4BwGeUPju0yhX4OBGM3f3w== nsuniqueid: 0c482301-29d411d9-809887ce-5c1e1f2b objectclass: top, person, organizationalPerson, inetorgperson, dspswuser, ntuser user_name: ssync2001 dn: uid=ssync2001,o=ourdomain.org}." (Action ID=CNN100-100234A1BA9-1, SN=4)
[11/Nov/2004:15:33:09.531 -0500] SEVERE 18 CNN101 test-pdc "******** UNEXPECTED ERROR: TASK 'Controller OutTask_0' GENERATED AN uncaught RuntimeException: 'String index out of range: -1'. PLEASE INCLUDE THIS LOG FILE WHEN REPORTING THIS PROBLEM. THANK YOU. ******** java.lang.String
IndexOutOfBoundsException: String index out of range: -1 at java.lang.String.substring(Unknown Source) at com.sun.directory.wps.controller.Controller.getNTUserName(Controller.java:651) at com.sun.directory.wps.controller.Controller.lookupObjectByKey(Controller.java:1466) at com.sun.directory.wps.controller.Controller.retrieveMatchingAction(Controller.java:1808) at com.sun.directory.wps.controller.Controller.res
olveOutboundObjectID(Controller.java:2075) at com.sun.directory.wps.controller.ControllerOutboundActionTask.processOperation(ControllerOutboundActionTask.java:112) at com.sun.directory.wps.task.BasicTask.defaultRun(BasicTask.java:439) at com.sun.directory.wps.task.BasicTask.run(BasicTask.java:390) at java.lang.Thread.run(Unknown Source) "
[11/Nov/2004:15:33:09.593 -0500] SEVERE 18 CNN101 test-pdc "Process is exiting abnormally due to a runtime exception or error. It will be restarted automatically."
Has anyone seen this before?
The NT box is running NT4, service pack 6, with Java 1.4.2_05. The Sun end is Solaris 9, DS 5.2.2 with patches for Id sync 2004Q3 installed. We do not have any AD connections with this installation.
Thanks very much,
P.J.

You also need to supply the configuration password using the -q option. Hope this helps.
Tony

Idsync resync - To populate empty directory!

Hi folks,
I have setup message Q (enterprise edition), Sun Java DS 5.2 patch 4 and ISW 1 2004Q3 as according to the docs on Solaris 10. I do have a AD in operation. I'm trying to sync my DS with AD.
Before starting ISW I read I have to run the idsync resync command to populate my empty DS on Solaris. I have three SULs created when i installed my ISW component. I also try to make use of xml file to amtch the attributes.
But when I run the idsync resync command with the parameters as
./idsync resync -D "cn=Directory Manager" -w bind password -h hostname -q config password -f filename -i ALL_USERS|NEW_LINKED_USERS
It starts by saying validating and refreshing .
Entries sent: 1
Entries that could not belinked: 1
Entries sent: 14
Entries that could not be linked: 14
SUCCESS
But actually no entries are linked. I checked the resync log but there are no related error messages on running the above command. The same is the case by looking into error.log or audit.log files.
Someone kindly advice as its frustrating as not able to populate data.
NOTE: Some additional info--- I have created few containers under people and group which shows as being created by uid=admin
Thanks
casa

I have re-opened this question since the problem appears in ISW 6.0 Solaris version but intermittent in Windows versio.
Edited by: kamtheman on Dec 22, 2009 9:57 PM

Idsync resync - list file

Hello,
We have installed DSEE 7.0 & ISW 6.0 on Solaris 10.
Active Directory is running on Windows 2008 R2 Enterprise Edition (64-bit)
We have one way syncronization (LDAP -> AD)
I have a flat file with list of users that I want to run "idsync resync" on so that it will create those accounts on AD.
I can run:
/opt/SUNWisw/bin/idsync resync (various other flags here) -a "uid=<account_name>"
The above command successfully creates the account on AD.
Question I have is:
Is there a way I can specify a "list file" in this command?
Any ideas on this will be great!
Thank you,

Hello Marco,
I did try that, and it works, but issue is speed...
After syncing each user, connection between two server closes and it is re-established before processing next user. Here is some info from log file:
"Shutting down the object cache."
"Shutting down the database checkpoint thread."
"The object cache database connection pool has been closed."
"Closing the object cache database environment."
"The object cache database environment has been closed."
"The object cache has been shutdown."
"Starting 4 controller threads"
"About to open the object cache database environment."
"The object cache database environment has been opened."
"When establishing LDAP connections over SSL, the connector will accept any certificate from the LDAP server."
"Established a connection to the Sun Java(TM) System Message Queue Broker as user: with clientID: "
And, it took close to 2-hours to process about 100 users. So, I was looking for a way to specify a file list...
Thank you,

I can't resync and uninstall Identity Synchronization for Windows 1.0

Hi, every body.
I downloaded and installed Identity Synchronization for Windows 1.0 on Solaris 8.
But I can't execute idsync resync comannd. The below error message is output on console,
# ./idsync resync -h crow.bird.soft.hitachi.co.jp -p 3890 -D cn=manager -w managersecret -q netscape -s dc=bird,dc=soft,dc=hitachi,dc=co,dc=jp
Exception in thread "main" java.lang.NoClassDefFoundError
at com.sun.directory.wps.registry.model.dao.LDAPConfigurationRegistryDAO.initializeEncryptor(LDAPConfigurationRegistryDAO.java:756)
at com.sun.directory.wps.registry.model.dao.LDAPConfigurationRegistryDAO.open(LDAPConfigurationRegistryDAO.java:721)
at com.sun.directory.wps.registry.util.BasicRegistryFacade.openRegistry(BasicRegistryFacade.java:120)
at com.sun.directory.wps.registry.util.BasicRegistryFacade.openRegistry(BasicRegistryFacade.java:211)
at com.sun.directory.wps.ui.model.PSWConfigurationFacade.openRegistry(PSWConfigurationFacade.java:1126)
at com.sun.directory.wps.ui.model.PSWConfigurationFacade.openRegistry(PSWConfigurationFacade.java:1114)
at com.sun.directory.wps.ui.cli.CRCLIProgram.getConfigurationFacade(CRCLIProgram.java:64)
at com.sun.directory.wps.ui.cli.RefreshUsers.execute(RefreshUsers.java:283)
at com.sun.directory.wps.ui.cli.ResyncUsers.<init>(ResyncUsers.java:54)
at com.sun.directory.wps.ui.cli.IdSyncProgram.execute(IdSyncProgram.java:94)
at com.sun.directory.wps.ui.cli.IdSyncProgram.<init>(IdSyncProgram.java:129)
at com.sun.directory.wps.ui.cli.IdSyncProgram.main(IdSyncProgram.java:135)
And I can't execute runUnInstaller.sh too becasu same error messages in logs/cli/error.log file.
Both error outputs same message "org/apache/xerces/utils/Base64" in log files, so I think CLASSPATH is wrong.
In runUninstaller.sh, below jar file name are written -classpath arguments.
/usr/share/lib/mps/jss3.jar
/usr/sfw/share/lib/xerces-200.jar
These Are settings correct?
If these settings are wrong, resync is set by same wrong settings in binary code?
Please tell me how to resync and to uninstall Identity Synchronization for Windows 1.0.

I mistakes log file name.
I wrote:
And I can't execute runUnInstaller.sh too becasu same error messages in logs/cli/error.log file.But runUnsitaller.sh outputs to /var/sadm/install/logs/Uninstall-xxxxxxx.log.
logs/cli directory is where idsync command outpus error.log and audit.log.
Sorry.

Proplem about use IDsync for windows 1.0 to sync users accounts

Hello.
I set the DS5.2 and IDsync 1.0 on the sunfire 240 and os is Solaris 9 .
I set all about the configuration of DS5.2 and Idsync include CA certifications on both software.
I can sucess sync useraccounts from Windows2003 to Sun.but I can't sync Useraccounts from Sun to Windows2k3.
and this my input command:
this is sync from windows to sun
bash-2.05# pwd
/var/opt/mps/serverroot/isw-LDAP-Server1/etc/CNN100
bash-2.05# idsync resync -h ldap-server1.sinomos.com -p 636 -D "cn=directory manager" -w passwdadmin -s dc=sinomos,dc=com -Z -P cert7.db -q passwdadmin -c -i NEW_USERS
Operation is started. Enter 'c' to cancel.
User progress: Dumped: 1
User progress: Dumped: 1 In sync: 1
this is sync Sun to Win2k3 happen a error
bash-2.05# idsync resync -h ldap-server1.sinomos.com -p 636 -D "cn=directory manager" -w passwdadmin -s dc=sinomos,dc=com -Z -P cert7.db -q passwdadmin -o Sun -c -i NEW_USERS
Cannot reset DS passwords when resyncing from DS to Windows.
Can anyone help me ! thanks!!

David,
The SSL related parameters in the IdSync CLI only apply to the communication between the command line and the configuration directory server.
The communication type to be used during the resync operation is the same as during normal synchronization. This is what you configured with the management console, when you setup your Active Directory and Sun Directory sources.
The -i NEW_USERS option can only be used when resync-ing from Active Directory to Sun Directory server.
This is why you get the error message "Cannot resete DS Passwords when resyncing from DS to Windows".
Bertold

Error on deploying a Web Service on 9iAS release 2

Hi, somebody could help me on deploying a Web Service on 9iAS release 2?, I have applied the UDDI patch through the orauddi.zip file downloaded from otn web site. But on the J2EE Web Service Deploying Wizard (OEM Web Site), at the Web Service configuration stage, a message is displayed telling me that a Web Service must be deployed if the 9iAS instance which has an infrastructure connection, and this is not my case (I don't want to install the infrastructure. The UDDISYS schema was installed on a simple 9i DB release 2 successfully and for the orauddi application deployed I had created a Data Source for this user).
On trying to do the same task from JDeveloper 9.0.3, an error ADM is displayed advincing the searching of errors in the log.xml file located on IAS_HOME/dcm/logs directory. Below I have copy the last part of this file, corresponding to the error day.
<MESSAGE>
<HEADER>
<TSTZ_ORIGINATING>2003-07-22T00:27:55.182-03:00</TSTZ_ORIGINATING>
<COMPONENT_ID>iAS_dcm</COMPONENT_ID>
<MSG_TYPE TYPE="ERROR"></MSG_TYPE>
<MSG_GROUP>n/a</MSG_GROUP>
<MSG_LEVEL>1</MSG_LEVEL>
<HOST_ID>preventas-ntbk</HOST_ID>
<HOST_NWADDR>192.168.1.78</HOST_NWADDR>
<MODULE_ID>oracle/defaultLogger/ExceptionLogger</MODULE_ID>
<PROCESS_ID>null-Thread[main,5,main]</PROCESS_ID>
<USER_ID>administrator</USER_ID>
</HEADER>
<PAYLOAD>
<MSG_TEXT>[TM] Config/LoadEdit/ImportExport Adapter resync error</MSG_TEXT>
<SUPPL_DETAIL><![CDATA[java.lang.NullPointerException
     at oracle.ias.sysmgmt.repository.datastore.DataStore.getOutOfSyncPluginConfigData(Unknown Source)
     at oracle.ias.sysmgmt.repository.RepositoryImpl.syncUpFromPersistence(Unknown Source)
     at oracle.ias.sysmgmt.configsvc.ConfigurationServiceImpl.syncUp(Unknown Source)
     at oracle.ias.sysmgmt.task.ConfigAdapter.resync(Unknown Source)
     at oracle.ias.sysmgmt.task.TaskMaster.resync(Unknown Source)
     at oracle.ias.sysmgmt.task.TaskMaster.resync(Unknown Source)
     at oracle.ias.sysmgmt.task.InstanceManager.sysInit(Unknown Source)
     at oracle.ias.sysmgmt.task.InstanceManager.init(Unknown Source)
     at oracle.ias.sysmgmt.cmdline.DcmCmdLine.execute(Unknown Source)
     at oracle.ias.sysmgmt.cmdline.DcmCmdLine.main(Unknown Source)
]]></SUPPL_DETAIL>
</PAYLOAD>
</MESSAGE>
<MESSAGE>
<HEADER>
<TSTZ_ORIGINATING>2003-07-22T00:27:56.644-03:00</TSTZ_ORIGINATING>
<COMPONENT_ID>iAS_dcm</COMPONENT_ID>
<MSG_TYPE TYPE="ERROR"></MSG_TYPE>
<MSG_GROUP>n/a</MSG_GROUP>
<MSG_LEVEL>1</MSG_LEVEL>
<HOST_ID>preventas-ntbk</HOST_ID>
<HOST_NWADDR>192.168.1.78</HOST_NWADDR>
<MODULE_ID>oracle/defaultLogger/ExceptionLogger</MODULE_ID>
<PROCESS_ID>null-Thread[main,5,main]</PROCESS_ID>
<USER_ID>administrator</USER_ID>
</HEADER>
<PAYLOAD>
<MSG_TEXT>[ RM ] Exception in repository API getDBConnect()</MSG_TEXT>
<SUPPL_DETAIL><![CDATA[oracle.ias.repository.schema.SchemaException: Unable to connect to Directory Server:javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]
     at oracle.ias.repository.directory.DirectoryReader.connect(DirectoryReader.java:104)
     at oracle.ias.repository.IASSchema.getDBConnect(IASSchema.java:331)
     at oracle.ias.repository.IASSchema.getDBConnect(IASSchema.java:416)
     at oracle.ias.repository.SchemaManager.getDBConnect(SchemaManager.java:197)
     at oracle.ias.sysmgmt.persistence.SeedDbAccess.getDBConnect(Unknown Source)
     at oracle.ias.sysmgmt.persistence.PersistenceManager.getSeedInfo(Unknown Source)
     at oracle.ias.sysmgmt.persistence.PersistenceManager.isDBConfigured(Unknown Source)
     at oracle.ias.sysmgmt.task.InstanceManager.sysInit(Unknown Source)
     at oracle.ias.sysmgmt.task.InstanceManager.init(Unknown Source)
     at oracle.ias.sysmgmt.cmdline.DcmCmdLine.execute(Unknown Source)
     at oracle.ias.sysmgmt.cmdline.DcmCmdLine.main(Unknown Source)
]]></SUPPL_DETAIL>
</PAYLOAD>
</MESSAGE>
But, I can deploy this Web Service in the OC4J embedded on JDeveloper, successfully (from JDeveloper). Any idea?
Thanks a lot in advance,
Pablo.

Because you do not have an infrastructure database, you will not be able to deploy your web service from OEM as one of its steps is to register the service in the UDDI registy - the Web service deployment and UDDI registration are tied tightly together in OEM right now.
All is not lost, however. You have two routes to deploy the Web Service on Oracle9iAS:
1. Use DCM, which is the command line interface to deploy applications/webservices/wars/ears on Oracle9iAS. It does not have the dependency on UDDI.
To deploy a Web service using DCM, say your Web service ear file were named test.ear your deployment command would look something like:
c:\oracle\ora903\dcm\bin\dcmctl deployApplication -file test.ear
See the doc for much more detail to let you tailor DCM to do all the stuff that is available through EM or specific to your application:
http://download-west.oracle.com/docs/cd/A97329_03/core.902/a92171/dcm.htm#643834
2. In JDeveloper 9.0.3, there is a DCM Servlet that lets you do remote deployment to Oracle9iAS:
http://otn.oracle.com/products/jdev/htdocs/readme_9031.html#viadcm
I suspect your deployment problem from Oracle9i JDeveloper may be (this may be an incorrect assumption) due to trying to use a connection that is setup as if Oracle9iAS is a standalone OC4J.
Mike.

Idsync for windows - linked but not sync'd

This command succeeded, in the linking.log file, users are matched:
idsync linkusers -h ala-proxyldap -p 1389 -D "cn=Directory Manager" -w password -s dc=wrs,dc=com -n -q configwrs -f ../samples/jonathan.cfg
Immediately after running the above, I did the 'resync' command but it failed, corresponding users could not be found:
/idsync resync -h ala-proxyldap -p 1389 -D "cn=Directory Manager" -w password -s dc=wrs,dc=com -q configwrs -l test
============
Why?

I am running into the same problem you have. Any luck? Please advice.
Thanks!

Any version od IDSync supports user deletion from AD to DS

Hi,
I would like to know that any version of IDSync supports deletion of users in AD to be synced with DS 5.2. We use Version - 1 2004Q3
Build - 2004.259.1055 with Win2k3 AD. if it is there how to go about implementing it in a production environment.
shaji

hi,
i don't know if this is the recommended way but we have a cron job running
where we check for deleted AD acounts:
<IDSYNC_INSTALL_PATH>/idsync resync -D cn=<LDAP_MANAGER> -w <LDAP_MANAGER_PW> -h <LDAP_SERVER_HOST> -p <LDAP_PORT> -q <IDSYNC_CONF_PW> -s <ROOT_SUFIX> -x -o Windows -i ALL_USERS
hope it helps

SPA122 'Resync fails on FNF' bug!

Hello,
the option 'Resync fails on FNF' does not seem to work for SPA1x2 in FW 1.2.1 (004).
The SPA logs 'Resync failed: file not found' and associates the 'Resync Error Retry Delay' timer, regardless of the option set to No.
I tried various combinations, but it all comes down to the fact, that this is definetely not working (as it was on SPA-2102).
The main problem now is that this kills our current provisioning system. Oh, Cisco, what have you done???
Kind regards,
E. Rentzow

Curious! Are you using TFTP or HTTP? I'm using the latter.
The way you examined it is the same I did. I took notice of it when the periodic resync (in lab set to 60 seconds) didn't occur and the error timer came into effect. The log definetely states that the resync failed. Because it works with the SPA-2102 I don't think that I've overseen anything - well it's actually not that complicated ;-)
Eik

I can't access the Identity Synchronization console!!

Hi, at first sorry for my english, I'm from spain :)
I've installed Sun Directory server 5.2 in a Windows 2003 server machine.
I need to synchronize sun ldap directory with active directory in another machine, and I've installed Identity Synchronization for windows 12004Q3 in the sun ldap's machine. Everything was right, I think, but when I try to open Identity Sychronization console from system server console, I receive an error. I mean, I'm asked about the configuration password and when I introduce it, I receive this error message:
Invalid argument: {0} - {1}
I don't know what is happening, when I test from command line I receive this output:
C:\Program Files\Sun\MPS\isw-ldapserver\bin>idsync printstat -w sespa -q sespa
Exploring status of connectors, please wait...
No connectors were found.
Sun Java(TM) System Message Queue Status: Started
Checking the System Manager status over the Sun Java(TM) System Message Queue.
System Manager Status: Started
Remaining Installation and Configuration Steps:
1. Create an initial configuration using the product's console or by migrating
from a previous installation using 'idsync importcnf'.
2. Prepare every Sun Directory Server included in this configuration by using
the console or the 'idsync prepds' command.
3. Install connectors for every configured directory source.
4. After installing each Sun Directory Server connector, run the installer aga
in on every master and on every read-only replica to install the Sun Directory S
erver plugin.
5. Run 'idsync resync' to establish links between existing Directory Server an
d Windows users.
6. Start synchronization using the console or the 'idsync startsync' command.
SUCCESS
But I can't finish de installation because I can't acces de console, what could be de cause? I'm starting whith ldap and I afraid I'm not very expert.
Thank you very much!!
Message was edited by:
mariafro
Message was edited by:
mariafro
Message was edited by:
mariafro

It is not guaranteed to work .
ISW 1.1(2004Q3) has not been tested with DS 5.2patch3 (2004Q4)
The release notes require 5.2patch2 (or higher).
But then mention a known issue with 5.2patch3:
Identity Synchronization for Window installation fails on Directory Server 5.2p3 installed with Sun Java Enterprise System 3. (5092530)
You cannot install the core Identity Synchronization for Windows product against Directory Server 5.2 P3 or higher. Identity Synchronization for Windows 1 2004Q3 will support Sun Java Enterprise System 3 (Directory Server 5.2 P3) as a data synchronization source only.
Ludovic

Identity Synchronization for Windows: AD connector failure

I've recently setup ISW in order to synchronize my primary AD domain and my newly installed directory server instance. The ISW core, connectors and plug-in installs are completed.
I ran the final idsync resync to populate directory server from AD and that ran successfully. I then ran an idsync startsync and saw that synchronization was started on all components of the system.
- The Synchronization, Configuration Directory, Message Bus and System Manager are all in the "Started" state.
- The AD (CNN101) and Directory Server (CNN100) directory sources are in the SYNCING state
idsync printstat output as follows:
Exploring status of connectors, please wait...
Connector ID: CNN100
Type: Sun Java(TM) System Directory
Manages: dc=domain,dc=com (ldaps://ldap1.domain.com:636) (ldaps://ldap2.domain.com:636)
State: SYNCING
Installed on: ldap1.domain.com
Plugin SUBC100 is installed on ldaps://ldap1.domain.com:636
Plugin SUBC101 is installed on ldaps://ldap2.domain.com:636
Connector ID: CNN101
Type: Active Directory
Manages: ne.domain.com (ldaps://london.ne.domain.com:636) (ldaps://winads02.ne.domain.com:636) (ldaps://winads03.ne.domain.com:636) (ldaps://winads04.ne.domain.com:636) (ldaps://winads05.ne.domain.com:636) (ldaps://winads01.ne.domain.com:636)
State: SYNCING
Installed on: linopsldp01.prod.domain.com
Sun Java(TM) System Message Queue Status: Started
Checking the System Manager status over the Sun Java(TM) System Message Queue.
System Manager Status: Started
SUCCESS
I then try to login to a linux client system to complete the on-demand password synchronization. However, when I do that I see the following in the directory server that is handling the request's error log:
[30/Sep/2009:16:51:49 -0400] - WARNING<38783> - isw - conn=17 op=1 msgId=3 - Plugins authentication cannot be completed, because no domain controller (ldaps://winads01.ne.domain.com:636 ldaps://london.ne.domain.com:636 ldaps://winads02.ne.domain.com:636 ldaps://winads03.ne.domain.com:636 ldaps://winads04.ne.domain.com:636 ldaps://winads05.ne.domain.com:636) is available to verify credentials for user uid=user,ou=people,dc=domain,dc=com
In the CNN100 logs I see the following error on both directory server plugin sub-components:
"DS Plugin (SUBC101): authentication to Active Directory server at ldaps://winads01.ne.domain.com:636 failed (bind DN: CN=iswadm,OU=Service Accounts,DC=ne,DC=domain,DC=com), error(81): Can't contact LDAP server"
I know that connectivity to the domain controller listed is fine and I can reach port 636 on that host from both directory servers. I don't understand how the connecters can be in the SYNCING state if there is no connectivity to them and I went through the entire setup previous to this with no issues. I've restarted the DS instances and ISW with no luck. Has anyone seen this sort of problem before? Any ideas on a fix/further troubleshooting would be greatly appreciated.

Thanks for the pointer to the SSL certificates. It turns out that some of the AD controllers were reporting expired certificates even though they had updated and valid certs. A reboot of those domain controllers fixed that issue.
I now have an issue in completing the on-demand password synchronization process when my client systems are pointed at the directory proxy server systems. I can complete the operation and login when the client is pointing directly at one of the directory servers:
[09/Oct/2009:00:58:12.584 -0400] INFO 40 CNN100 ldap01.prod.domain.com "DS Plugin (SUBC100): on-demand validation has been successfully completed for 'uid=user,ou=people,dc=domain,dc=com' by authenticating the user against ldaps://winads01.ne.domain.com:636"
Do I need to add some schema to the directory proxy servers or add some control for dspsqpassword/dspswvalidate operations? I'm looking through both DPS and DS logs now in hopes of finding something.
Any additional pointers are appreciated.

DS Connector status is not SYNCING

The state for my DS connector stays "READY". I can run a "idsync resync" successfully and user creation is working but automatic updates are not pushed from AD to DS.
"idsync startsync" also complains that my DS connector is not starting.
This is running on DSEE 6.3.1 on Solaris 10 for x86.
I checked the log but so far I cannot see any explanation.
Any idea would be appreciated.
Thanks,
Pierre

The field I tried to modify on the AD side is "mail" which never replicated on the DSEE side even the mapping is done at the ISW level. The interesting part is that a "idsync resync" will create new users with the right field syncronization and will update modified attributes.
The problem is that the DSEE connector doesn't start and this is why automatic field syncronization is not working.
I am not sure which log entries you are looking for but this is what I get when running "idsync startsync".
+Failed to start synchronization for some of the requested directory sources. Synchronization for these directory sources will be started later. Wanted to start directory sources [dc=pgdev,dc=sap,dc=corp, pgdev.sap.corp], but could not start directory sources [dc=pgdev,dc=sap,dc=corp]. If connectors for these directory sources have been installed, then the synchronization for these directory sources will be started later. See the central error.log for more information on why synchronization for these directory sources could not be started.+
This is the central error log:
[+05/Mar/2010:08:25:20.918 -0800] INFO 19 "System Component Information: SysMgr_100 is the system manager (CORE); console is the Product Console User Interface; CNN100 is the connector that manages [dc=pgdev,dc=sap,dc=corp (ldap://pcldap01.pgdev.sap.corp:389)]; CNN101 is the connector that manages [pgdev.sap.corp (ldap://pgdevvan02.pgdev.sap.corp:389)];"+
+[05/Mar/2010:08:25:20.898 -0800] WARNING 13 SysMgr_100 pcldap01 "Failed to start some of the requested connectors. These connectors will be started later. Wanted to start connectors=[CNN100, CNN101], but could not start connectors=[CNN100]"+
The fact that a manual resync works make me think that the configuration is correct so I don't know why the connector is not starting...
Edited by: pcarette on Mar 5, 2010 8:29 AM

ISW and Directory Server 6.3. unable to sync passwords

I thought I try to move on to DS6.3 and Windows Sync.
I have already have 5.3 running on another machine and all works fine.
But, I am having problem with the new version.
I am getting the following error in the log files when a password change happens (AD->LDAP)
LDAP modify operation of entry uid=andrew..failed at null. Error code: 65, reason: null"
{code}
FINE 55 CNN100 ldap2 "LDAP operation on entry uid=andrew,ou=people,dc=dcs,dc=bbk,dc=ac,dc=uk failed at ldap://ldap2:389, error(65): Object class violation." (Action ID=CNN101-11DFDD5663D-32, SN=9)
SEVERE 55 CNN100 ldap2 "LDAP modify operation of entry uid=andrew,ou=people,dc=dcs,dc=bbk,dc=ac,dc=uk failed at null. Error code: 65, reason: null" (Action ID=CNN101-11DFDD5663D-32, SN=10)
SEVERE 55 CNN100 ldap2 "LDAP modify operation of entry uid=andrew,ou=people,dc=dcs,dc=bbk,dc=ac,dc=uk failed at null. Error code: 65, reason: null" (Action ID=CNN101-11DFDD5663D-32, SN=10)
{code}
The users already exist in AD and LDAP.
# idsync resync -f sul1_sg.cfg -k
# idsync resync -o Sun
# idsync resync -f sul1_sg.cfg -i NEW_LINKED_USERS
Any pointers...
Andrew

Thanks it gave me the version
[dsadm]
dsadm               : 6.3                  B2008.0311.0212 NAT
[slapd 64-bit]
Sun Microsystems, Inc.
Sun-Java(tm)-System-Directory/6.3 B2008.0311.0212 64-bit
ns-slapd            : 6.3                  B2008.0311.0212 NAT
Slapd Library       : 6.3                  B2008.0311.0212
Front-End Library   : 6.3                  B2008.0311.0212Also, the hot fix from Sun fixed my problem. All is looking good.
Cheers
Andrew

Unable to link users in Identity Synchronization

When I run the command to synchronize the users and passwords from Sun to Windows
isw1# ./idsync resync -c -o Sun -D "cn=Directory Manager" -w <passwd> -q <passwd> -l UserPasswdSync -s dc=testdomain,dc=com
Validating and starting refresh operation '1204916226343'. Hit Ctrl-C to cancel.
User progress:
# Entries sent: 1
User progress:
# Entries sent: 1
SUCCESS
isw1#
The user is created on the windows side but the password is not synchronized.
We are using Sun directory server 6.2 and Identity Synchronization which comes along with it.
Also the user is not linked by this command. Here is the ldif output of the user entry in Sun DS
isw1# ldapsearch -b "dc=testdomain,dc=com" -D "cn=Directory manager" -w <password> "uid=testuser"
version: 1
dn: uid=testuser, ou=people, dc=testdomain,dc=com
sn: TestUser
userPassword: {crypt}MQWLUp0LBPb6E
loginShell: /bin/csh
gidNumber: 111
uidNumber: 45163
shadowFlag: 0
objectClass: posixAccount
objectClass: shadowAccount
objectClass: account
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
uid: testuser
gecos: Test User
shadowLastChange: 40063
cn: testuser
homeDirectory: /home/testuser
isw1 #
Thanks in advance for your response.

I'm getting the same error. Were you ever able to resolve this ?

Idsync resync error

Similar Messages

Maybe you are looking for