Chris G. Sellers wrote:
> Sorry for jumping in here (just joined the list) but it sounds like
> your replication user is being blocked by an ACI that you have
> applied. These could be explicit or inherited from a parent OU in the
> tree.
And you should definitely be able to see something in the access log for
host=infinity.xxx.ec.gc.ca. Keep in mind that the access log is
buffered so events will not show up for a few minutes if there is no
other activity.
>
> Make sure your Replication User is not part of a ACI or make it part
> of a new ACI that allows objectclass=* full permissions.
>
> Sellers
>
> On Dec 12, 2007, at 10:12 AM, Ryan Braun wrote:
>
>> On Tuesday 11 December 2007 11:42 pm, Rich Megginson wrote:
>> > startconsole -D -f console.log -
>>
>>
>> Below is the last 40 lines after the error. It looks like these 3
>> lines tell the story though
>>
>> ReplicationAgreement.updateAgreementFromServer: unable to read the
>> replica number of changes from {host=infinity.xxx.ec.gc.ca}
>> {port=389} {authdn=cn=Directory Manager}
>> ReplicationAgreement.updateAgreementFromServer: unable to read the
>> replica refresh attribute {host=infinity.xxx.ec.gc.ca} {port=389}
>> {authdn=cn=Directory Manager}
>> ReplicationAgreement.updateAgreementFromServer: unable to read the
>> consumer initialization status attribute (nsds5replicalastinitstatus)
>> {host=infinity.xxx.ec.gc.ca} {port=389} {authdn=cn=Directory Manager}
>>
>>
>>
>>
>> AgreementReader: start readAgreements()
>> AgreementReader: getFromServer()
>> Agreement Base DN: cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping
>> tree,cn=config
>> Filter:
>> |(objectclass=nsDS5ReplicationAgreement)(objectclass=LDAPReplica)(objectclass=nsDSWindowsReplicationAgreement)
>> ReplicationAgreement.setOrigEntryDN: cn=Replication to
>> xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping
>> tree,cn=config
>> ReplicationAgreement.setEntryDN: cn=Replication to
>> xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping
>> tree,cn=config
>> ReplicationAgreement.setOrigEntryDN: cn=Replication to
>> xxxsrvr4.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping
>> tree,cn=config
>> ReplicationAgreement.setEntryDN: cn=Replication to
>> xxxsrvr4.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping
>> tree,cn=config
>> AgreementReader: end readAgreements()
>> ReplicaResourceObject.treeExpanded: this
>> ReplicationTool.verifyDM: authDN = <cn=Directory Manager>,
>> authPassword = <xxxxxxxx>
>> getMachineDataDN: returning cn=replication,cn=config
>> AgreementReader: start readAgreements()
>> AgreementReader: getFromServer()
>> Agreement Base DN: cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping
>> tree,cn=config
>> Filter:
>> |(objectclass=nsDS5ReplicationAgreement)(objectclass=LDAPReplica)(objectclass=nsDSWindowsReplicationAgreement)
>> ReplicationAgreement.setOrigEntryDN: cn=Replication to
>> xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping
>> tree,cn=config
>> ReplicationAgreement.setEntryDN: cn=Replication to
>> xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping
>> tree,cn=config
>> ReplicationAgreement.setOrigEntryDN: cn=Replication to
>> xxxsrvr4.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping
>> tree,cn=config
>> ReplicationAgreement.setEntryDN: cn=Replication to
>> xxxsrvr4.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping
>> tree,cn=config
>> AgreementReader: end readAgreements()
>> Add MMR Node
>> Class is com.netscape.admin.dirserv.panel.replication.MMRAgreement
>> Add MMR Node
>> Class is com.netscape.admin.dirserv.panel.replication.MMRAgreement
>> ResourceSet:getString():Unable to resolve general-Apply-ttip
>> ResourceSet:getString():Unable to resolve general-Reset-ttip
>> ResourceSet:getString():Unable to resolve general-Help-ttip
>> ReplicationAgreement.updateAgreementFromServer: unable to read the
>> replica number of changes from {host=infinity.xxx.ec.gc.ca}
>> {port=389} {authdn=cn=Directory Manager}
>> ReplicationAgreement.updateAgreementFromServer: unable to read the
>> replica refresh attribute {host=infinity.xxx.ec.gc.ca} {port=389}
>> {authdn=cn=Directory Manager}
>> ReplicationAgreement.updateAgreementFromServer: unable to read the
>> consumer initialization status attribute (nsds5replicalastinitstatus)
>> {host=infinity.xxx.ec.gc.ca} {port=389} {authdn=cn=Directory Manager}
>> BlankPanel.refresh:refreshed panel data. Class
>> com.netscape.admin.dirserv.panel.replication.AgreementInfoPanel
>> DSEntrySet.getAttributes(): read entry from DS:LDAPEntry:
>> cn=Replication to
>> xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping
>> tree,cn=config; LDAPAttributeSet:
>> DSEntrySet.getAttributes(): attributes for this
>> entry:[Ljava.lang.String;@1a28362
>> DSEntrySet.getAttributes(): failed to get attribute description in
>> cn=Replication to
>> xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping
>> tree,cn=config
>> DSEntrySet.show(): some of the attributes of cn=Replication to
>> xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping
>> tree,cn=config could not be read. Either they are not present in the
>> entry or there is an ACI which prevents that attribute from being
>> read. Try authenticating as a user with more access
>> DSUtil.reauthenticate: begin: ldc={host=infinity.xxx.ec.gc.ca}
>> {port=389} {authdn=cn=Directory Manager}
>> ReplicationAgreement.updateAgreementFromServer: unable to read the
>> replica number of changes from {host=infinity.xxx.ec.gc.ca}
>> {port=389} {authdn=cn=Directory Manager}
>> ReplicationAgreement.updateAgreementFromServer: unable to read the
>> replica refresh attribute {host=infinity.xxx.ec.gc.ca} {port=389}
>> {authdn=cn=Directory Manager}
>> ReplicationAgreement.updateAgreementFromServer: unable to read the
>> consumer initialization status attribute (nsds5replicalastinitstatus)
>> {host=infinity.xxx.ec.gc.ca} {port=389} {authdn=cn=Directory Manager}
>> DSTabbedPanel.select:
>> com.netscape.admin.dirserv.panel.replication.AgreementPanel[,0,0,605x468,layout=java.awt.BorderLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=9,maximumSize=,minimumSize=java.awt.Dimension[width=1,height=1],preferredSize=]
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> <mailto:Fedora-directory-users at redhat.com>
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>
>
> ---
> Chris G. Sellers Lead Internet Engineer
> National Institute for Technology & Liberal Ed.
> 535 West William Street, Ann Arbor, MI 48103
> chris.sellers at nitle.org <mailto:chris.sellers at nitle.org> 734.661.2318
>
>
>
>
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20071212/22ca8225/attachment.bin
