ISW6 issue
I'm running the latest and greatest ISW6.0 available from sun.com. I'm hoping that I'm not missing any patches for it. I'm running a newly built 5.2p5 directory server and a Windows 2003 R2 domain controller. For all intents and purposes the AD machine is "blank", and the directory server has all of the users.
My problem: syncing works fine with new users created while syncing is turned on. I am able to create users on either side, change passwords and values of attributes specified by my configuration in ISW. However, existing users that are linked *from DS* don't seem to operate in this manner for some reason, and I've tried getting the users into the system two different ways with no success. I'm able to modify everything on the directory side, and have it successfully sync to AD, however I cannot for the life of me get the reverse to work.
Method 1: Mass import using ldapadd and an LDIF after syncing is turned on.
Method 2: Using idsync resync - "idsync resync -D userhere -w passwordhere -h directory.host.domain.com -p 389 -s o=domain.com -q passwordhere -o Sun -c"
I've read some reports that things get funky if SSL isn't enabled. I have SSL installed on DS and AD, and I've tried every permutation of it being configured and not configured that I can think of. I also used the certutil command to dump the AD's CA cert and imported it into DS, and imported it to the connector (I think) per a document I found on docs.sun.com (http://docs.sun.com/source/817-6199/Ch11_Security.html). The commands all returned successfully and didn't error, so I made the assumption that everything worked.
When I attempt to perform a modification using the regular windows domain admin tools, this is what gets logged on the ISW side (obviously I cleaned the user info out):
"Cannot modify the user entry because no matching user was found, action=Type: MODIFY SUL: SyncList1 {Data Attrs: } {Other Attrs: objectclass: top, person, organizationalPerson, user cn: Users Name Here sn: Last Name givenname: First Name dn: CN=Users Name Here,CN=Users,DC=domain,DC=com whenchanged: 20070605223831.0Z usnchanged: 28076 dspswuserlink: vkFONj4DO0CJFiPUl3uv3w== pwdlastset: 128255567112500000 uid: unamehere passwordchanged: TRUE}." (Action ID=CNN101-112FD80AF75-30791, SN=5)
Like I said before, if I create a user either in AD or DS, I'm fully able to modify the entry in any direction I desire. If I attempt to modify a user brought in by one of the above methods, it doesn't sync changes made in AD to DS.
I'm reeeeeeeeeally hoping that I'm missing something obvious here, so please, feel free to point out my ignorance.
Any help would be greatly appreciated - I've been banging my head against the wall for a while now on this issue.