Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 994958
Description of problem:
Sub OU users are not synced when winsync agreement is created with
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Setup AD and IPA server
2. Create an OU and sub OU within the OU on AD
3. Create a user in OU and a user in sub OU
4. Create winsync agreement with the OU using --win-subtree option
Only user from OU is synced to IPA. User from sub OU is not synced
User from Sub OU should also sync to IPA
ipaWinSyncUserFlatten is set
# ipa-winsync, plugins, config
Logs errors.txt attached
Bug description: When processing a DN from AD, the DN is passed to
a helper function is_subject_of_agreement_remote (windows_protocol_
util.c) to check if the DN is a subject of the sync service or not.
The helper function was checking if the AD DN is just one-level
child of the agreement subtree top (nsds7WindowsReplicaSubtree) but
not the subtree-level descendents. Note: the DN is an original one
in AD, which has not be flattened yet. Therefore, the AD entry was
determined not to be synchronized.
Fix description: This bug was fixed in the master tree with the
ticket #521 - modrdn + NSMMReplicationPlugin - Consumer failed to
3) is_subject_of_agreement_remote (windows_protocol_util.c):
When checking if the entry was in the subtree defined in the
agreement or not, it returned true only if the entry is a
direct child of the agreement subtree top. This patch returns
true if the entry is the further descendent of the subtree.
The fix is back ported to 389-ds-base-1.3.1 branch.
Reviewed by Rich (Thank you!!)
Pushed to 389-ds-base-1.3.1 branch:
3e7ee7c..529a544 389-ds-base-1.3.1 -> 389-ds-base-1.3.1
Pushed to 389-ds-base-1.2.11 branch:
eed8bcc..26c669d 389-ds-base-1.2.11 -> 389-ds-base-1.2.11
Metadata Update from @nhosoi:
- Issue assigned to nhosoi
- Issue set to the milestone: 22.214.171.124
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here:
If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)
to comment on this ticket.