Synchronizing Red Hat Directory Server with Microsoft Active Directory Fails if the 'seeAlso' Attribute is Present in a Synced Directory Server Entry

Solution Verified - Updated -

Issue

  • Full synchronization with Active Directory fails upon encountering a Directory Server entry with a "seeAlso" attribute

Environment

  • Red Hat Enterprise Linux 4

  • Red Hat Enterprise Linux 5

  • Red Hat Directory Server 8.1

  • Microsoft Active Directory
  • Synced user with a seeAlso attribute value set to an entry outside of the synced subtree

Resolution   

  • Resolved in Red Hat Directory Server 8.2

  • If upgrading to Red Hat Directory Server 8.2 is not possible, then the following steps should be followed:

    • Remove the 'seeAlso' attribute from any RHDS entries that have it present
    • Initiate a full re-synchronization with AD
    • Replace the 'seeAlso' attribute to all of the RHDS entries from which it was removed
    • NOTE: Incremental updates with AD will not abort on RHDS entries that have the seeAlso attribute as long as the initial synchronization was completed without this attribute being present

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content