Linux Admin wrote: > Richard, Here is more detail error message > [01/May/2006:18:21:38 -0500] NSMMReplicationPlugin - > agmt="cn=F04T02NET" (serve01:1389): Unable to acquire replica: > permission denied. The bind dn "cn=replication manager,cn=config" does > not have permission to supply replication updates to the replica. Will > retry later This usually means there is no supplier DN given in the replica config, or there is a spelling error in the supplier DN name. > > > > On 5/1/06, *Richard Megginson* <rmeggins at redhat.com > <mailto:rmeggins at redhat.com>> wrote: > > Linux Admin wrote: > > Richard, > > I have tried disabling the pass-through on server 2 and > unfortunately > > I still can not replicate from 2 to 1. > > Replications from 1 to 2 works fine. I had to manually create > > NetscapeRoot on 2 initially, could be it that is created with > > different set of attributes then on 1. > > The error is 3. Permission denied. > Make sure the user you are using as your supplier DN on server 1 > exists > on server 1 (and likewise for server 2). Try using ldapsearch > from the > command line - bind with your supplier DN and password - to see if you > can use those credentials to search the suffix on both servers. > > What else could it be. > > Thanks for all your help. > > > > > > > > On 4/28/06, *Linux Admin* <sysadmin.linux at gmail.com > <mailto:sysadmin.linux at gmail.com> > > <mailto: sysadmin.linux at gmail.com > <mailto:sysadmin.linux at gmail.com>>> wrote: > > > > Richard, > > Thanks, let me try. I am surprised there is no documentation at > > all on NetScape root replication. > > You help is very much appricated > > > > > > > > > > On 4/28/06, * Richard Megginson* <rmeggins at redhat.com > <mailto:rmeggins at redhat.com> > > <mailto:rmeggins at redhat.com <mailto:rmeggins at redhat.com>>> > wrote: > > > > Linux Admin wrote: > > > Richard, > > > Thanks, this is very good. > > > I do not want to really disable it right now, > > I think you may need to disable it on the replica in > order to make > > replication work. > > > I just want to have 2 way replication between Server 1 and > > Server 2, > > > and used authenticate against server1. I would then > setup in > > pluging > > > authentication against both 1 and 2. Is this right way? > > > Thank your very much for your time and advice. > > > > > > > > > On 4/28/06, *Richard Megginson* < rmeggins at redhat.com > <mailto:rmeggins at redhat.com> > > <mailto:rmeggins at redhat.com <mailto:rmeggins at redhat.com>> > > > <mailto: rmeggins at redhat.com > <mailto:rmeggins at redhat.com> <mailto:rmeggins at redhat.com > <mailto:rmeggins at redhat.com>>>> > > wrote: > > > > > > Linux Admin wrote: > > > > Folks, > > > > Is it possible to set up multi-master replication of > > NetscapeRoot > > > > configuration directory. > > > > I have tried and I can successfully initialize > > subscribers from the > > > > current configuration directory server. > > > > However initialization of replication in opposite > > direction fails. > > > > > > > > Server 1 current conf dir -> Server 2: > rplication sucsfull > > > > o=NetscapeRoot is populated > > > > Server 1 current conf dir <- Server 2: rplication > > failes with error: > > > > Permission denied. Error code 3 > > > Part of the problem is that, when you set up a second > > instance, the > > > installer automatically enables pass through > > authentication for the > > > console admin user, which allows that user to login as > > > uid=admin,.....,o=NetscapeRoot on machines which > do not have > > > o=NetscapeRoot. So the first thing you need to do > is to > > disable the > > > pass through auth plugin (console -> directory > console -> > > > Configuration > > > -> Plug-ins -> Pass Through -> uncheck the Enable > box - then > > > restart the > > > server. > > > > > > > > on Server 2 I had to manully create NetscapeRoot > database. > > > > What am I missing?. Is it "idiot prrof" feature? > > > > > > > > Thanks in advance for any help > > > > SysLin > > > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > > > -- > > > > Fedora-directory-users mailing list > > > > Fedora-directory-users at redhat.com > <mailto:Fedora-directory-users at redhat.com> > > <mailto:Fedora-directory-users at redhat.com > <mailto:Fedora-directory-users at redhat.com>> > > > <mailto: Fedora-directory-users at redhat.com > <mailto:Fedora-directory-users at redhat.com> > > <mailto:Fedora-directory-users at redhat.com > <mailto:Fedora-directory-users at redhat.com>>> > > > > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > < > https://www.redhat.com/mailman/listinfo/fedora-directory-users> > > > > > > > > > > > > > -- > > > Fedora-directory-users mailing list > > > Fedora-directory-users at redhat.com > <mailto:Fedora-directory-users at redhat.com> > > <mailto:Fedora-directory-users at redhat.com > <mailto:Fedora-directory-users at redhat.com>> > > > <mailto: Fedora-directory-users at redhat.com > <mailto:Fedora-directory-users at redhat.com> > > <mailto:Fedora-directory-users at redhat.com > <mailto:Fedora-directory-users at redhat.com>>> > > > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > > > -- > > > Fedora-directory-users mailing list > > > Fedora-directory-users at redhat.com > <mailto:Fedora-directory-users at redhat.com> > > <mailto:Fedora-directory-users at redhat.com > <mailto:Fedora-directory-users at redhat.com>> > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > <mailto:Fedora-directory-users at redhat.com> > > <mailto: Fedora-directory-users at redhat.com > <mailto:Fedora-directory-users at redhat.com>> > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > <mailto:Fedora-directory-users at redhat.com> > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > <mailto:Fedora-directory-users at redhat.com> > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060501/18b4a76c/attachment.bin
