AD sync only transfers some users

[technema]

It does work. You have a group over 32 characters and maybe that's just some arbitrary limit or something, for compatibility reasons, with older versions of Windows Server. Maybe it's to be compliant with older Linux Samba versions. The main thing is, if Windows Server has no 32-character limitation, then there should be a checkbox somewhere to enable or disable the 32-character limit.

Ok but this group is created by Windows at the installation ...

Thx for you help by the way 

[pixeldrift]

Ok, I fixed the initial error by editing /usr/share/perl5/EBox/UsersAndGroups.pm and set MAXGROUPLENGTH to be 40. However, now it is giving another one:

2010/02/11 14:45:12 DEBUG> ebox-ad-sync:296 main::getPrincipalName - [ad-sync] can't get userPrincipalName for...

And it says that about a number of users. Still now change otherwise, I still am only getting the same few users imported as before. Not sure what would be causing this. Thoughts?

[technema]

Ok, I fixed the initial error by editing /usr/share/perl5/EBox/UsersAndGroups.pm and set MAXGROUPLENGTH to be 40. However, now it is giving another one:

2010/02/11 14:45:12 DEBUG> ebox-ad-sync:296 main::getPrincipalName - [ad-sync] can't get userPrincipalName for...

And it says that about a number of users. Still now change otherwise, I still am only getting the same few users imported as before. Not sure what would be causing this. Thoughts?

Exactly the same issue ...

[oinadmin]

I have the same error, help please!

[Saturn2888]

You might have to change another value which is also a fixed-char variable.

[per]

Hi.
I had the problem with groups lenght. changed UsersAndGroups.pm now i have the error:
Invalid value for group name: Grupo de acceso de autorización de windows.
I think the problem is the "ó".
The group cannot be changed o deleted in AD.

Hope someone can help me.

[technema]

Ok, I fixed the initial error by editing /usr/share/perl5/EBox/UsersAndGroups.pm and set MAXGROUPLENGTH to be 40. However, now it is giving another one:

2010/02/11 14:45:12 DEBUG> ebox-ad-sync:296 main::getPrincipalName - [ad-sync] can't get userPrincipalName for...

And it says that about a number of users. Still now change otherwise, I still am only getting the same few users imported as before. Not sure what would be causing this. Thoughts?

Exactly the same issue ...

I have found this on the trac : http://trac.ebox-platform.com/changeset/14955

Issue is here, in the function getPrincipalName() ...

jacalvo, please help !!!

Thx

[J. A. Calvo]

It is already fixed on the svn, and a new package will be released very soon.

In the meanwhile, you can download the fixed file from:

http://trac.ebox-platform.com/export/16907/trunk/client/usersandgroups/tools/ebox-ad-sync

And copy it to /usr/share/ebox-usersandgroups/

Hope this helps!

[technema]

It is already fixed on the svn, and a new package will be released very soon.

In the meanwhile, you can download the fixed file from:

http://trac.ebox-platform.com/export/16907/trunk/client/usersandgroups/tools/ebox-ad-sync

And copy it to /usr/share/ebox-usersandgroups/

Hope this helps!

Thx a lot, it seems to work. I have always some errors in the logs but my users are now in the groups 

For the issue with accented characters in UsersAndGroups.pm, i think the problem is in the regexp in the function sub _checkName. i have to change it :

$name =~ /^.*$/

[J. A. Calvo]

For the issue with accented characters in UsersAndGroups.pm, i think the problem is in the regexp in the function sub _checkName. i have to change it :

$name =~ /^.*$/

I'm not sure if this is correct, the usernames shouldn't be accented in UNIX, have a look at this:

Code: [Select]

# adduser fóòô
adduser: To avoid problems, the username should consist only of
letters, digits, underscores, periods, at signs and dashes, and not start with
a dash (as defined by IEEE Std 1003.1-2001).

[technema]

For the issue with accented characters in UsersAndGroups.pm, i think the problem is in the regexp in the function sub _checkName. i have to change it :

$name =~ /^.*$/

I'm not sure if this is correct, the usernames shouldn't be accented in UNIX, have a look at this:

Code: [Select]

# adduser fóòô
adduser: To avoid problems, the username should consist only of
letters, digits, underscores, periods, at signs and dashes, and not start with
a dash (as defined by IEEE Std 1003.1-2001).

Ok but some groups on Windows Server are accented and created by Windows itself ... so i don't want to remove them.

[J. A. Calvo]

Ok but some groups on Windows Server are accented and created by Windows itself ... so i don't want to remove them.

Yes, I understand that. But with the current version (the ebox-ad-sync file from the svn repository), the only problem is that a warning appear in the log, isn't it? I mean, the synchronization of the rest of the users and groups works perfect I suppose...

[technema]

Ok but some groups on Windows Server are accented and created by Windows itself ... so i don't want to remove them.

Yes, I understand that. But with the current version (the ebox-ad-sync file from the svn repository), the only problem is that a warning appear in the log, isn't it? I mean, the synchronization of the rest of the users and groups works perfect I suppose...

Yes, with the new ebox-ad-sync, It syncs with AD, users are in groups etc ... but the passwords don't synchronise. I don't see anything about the passwords in the logs.

[J. A. Calvo]

Have you reset the passwords you want to synchronize?

As it says in the guide (http://trac.ebox-platform.com/wiki/Document/Documentation/EBoxActiveDirectorySync):

The passwords for the already existing users will need to be reset in order to synchronize them.

[technema]

Have you reset the passwords you want to synchronize?

As it says in the guide (http://trac.ebox-platform.com/wiki/Document/Documentation/EBoxActiveDirectorySync):

The passwords for the already existing users will need to be reset in order to synchronize them.

yes
I can see passwords with the command slapcat but they are encrypted