Yes, I saw the article and had followed the instructions.
But today I noticed something: before, if I added changes to my “mirror” Univention system, they were propagated to the “real” AD server.
However, now they are not propagated, which would suggest that after I followed the article, I broke something…
which, after looking at your recommendations, appears to be the case…
[quote] univention-connector-list-rejected
Traceback (most recent call last):
  File "/usr/sbin/univention-connector-list-rejected", line 191, in <module>
    main()
  File "/usr/sbin/univention-connector-list-rejected", line 152, in main
    False
  File "/usr/lib/pymodules/python2.7/univention/connector/ad/__init__.py", line 734, in __init__
    self.open_ad()
  File "/usr/lib/pymodules/python2.7/univention/connector/ad/__init__.py", line 926, in open_ad
    self.lo_ad = univention.uldap.access(host=self.ad_ldap_host, port=int(self.ad_ldap_port), base=self.ad_ldap_base, binddn=self.ad_ldap_binddn, bindpw=self.ad_ldap_bindpw, start_tls=tls_mode, use_ldaps=ldaps, ca_certfile=self.ad_ldap_certificate, decode_ignorelist=['objectSid', 'objectGUID', 'repsFrom', 'replUpToDateVector', 'ipsecData', 'logonHours', 'userCertificate', 'dNSProperty', 'dnsRecord', 'member'])
  File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 150, in __init__
    self.__open(ca_certfile)
  File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 189, in __open
    self.lo.simple_bind_s(self.binddn, self.__encode_pwd(self.bindpw))
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 879, in simple_bind_s
    res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 215, in simple_bind_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'info': '80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1', 'desc': 'Invalid credentials'}[/quote]
I’m getting an error here on the commands:
[quote]root@mirror:~# /etc/init.d/univention-ad-connector stop
[info] Stopping univention-ad-connector daemon.
done.
root@mirror:~# ucr unset connector/ad/mapping/user/password/kinit
W: The config registry variable 'connector/ad/mapping/user/password/kinit' does not exist
root@mirror:~# find /etc/univention/connector/ \( -name "internal.cfg" -o -name "internal.sqlite" \) -exec mv "{}" "{}.bak_$(date +%s)" \;
root@mirror:~# [/quote]
I think that because this is only a “mirror” setup and not a full DC takeover, this functionality is not available.
But I tracked the above error down to this; obviously that is NOT a FQ bind name:
ucr set connector/ad/ldap/binddn=Administrator
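
As an added example (not part of the original post): a small Python helper that decodes the `data` sub-code in the AD bind error from the traceback above and reports the syntactic form of a configured bind name. The function names and the `example.com` DN are assumptions for illustration; the table lists the standard Win32 logon error codes.

```python
import re

# Win32 logon error codes that AD reports in the "data" field of a failed bind.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "user name or password is incorrect",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must change password",
    0x775: "account locked out",
}

_INFO_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")
_RDN = r"\s*[A-Za-z][A-Za-z0-9-]*\s*=[^,]+"
_DN_RE = re.compile(r"^%s(,%s)*$" % (_RDN, _RDN))


def decode_bind_error(info):
    """Return (win32_code, meaning) parsed from the 'info' string, or None."""
    m = _INFO_RE.search(info)
    if not m:
        return None
    code = int(m.group(1), 16)  # the sub-code is printed in hexadecimal
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")


def bind_name_form(name):
    """Describe the syntactic form of a bind identity (shape only)."""
    if _DN_RE.match(name):
        return "distinguished name"
    if re.match(r"^[^@\\]+@[^@\\]+$", name):
        return "userPrincipalName"
    if re.match(r"^[^@\\]+\\[^@\\]+$", name):
        return "DOMAIN\\user"
    return "bare name"


# Error text copied from the traceback in the post.
SAMPLE_INFO = ("80090308: LdapErr: DSID-0C0903A8, comment: "
               "AcceptSecurityContext error, data 52e, v1db1")

if __name__ == "__main__":
    print(decode_bind_error(SAMPLE_INFO))
    print(bind_name_form("Administrator"))  # value from the ucr command in the post
    # Constructed DN for comparison; example.com is a placeholder domain.
    print(bind_name_form("CN=Administrator,CN=Users,DC=example,DC=com"))
```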