On Wednesday 12 December 2007 4:02 pm, Rich Megginson wrote:
> Chris G. Sellers wrote:
> > Sorry for jumping in here (just joined the list) but it sounds like
> > your replication user is being blocked by an ACI that you have
> > applied. These could be explicit or inherited from a parent OU in the
> > tree.
>
> And you should definitely be able to see something in the access log for
> host=infinity.xxx.ec.gc.ca. Keep in mind that the access log is
> buffered so events will not show up for a few minutes if there is no
> other activity.
>
> > Make sure your Replication User is not part of a ACI or make it part
> > of a new ACI that allows objectclass=* full permissions.
Ok I think I got it.
After looking closer at the console log file and this line
DSEntrySet.getAttributes(): failed to get attribute description in
cn=Replication to
infinity.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping
tree,cn=config
I went and manually added a description attribute for the replication
agreement and I no longer am getting prompted for authentication. So I'll
just modify my sub and have it create some kind of default description
attribute.
Still get the
ReplicationAgreement.updateAgreementFromServer: unable to read the replica
number of changes from {host=ywgldap1.isb.ec.gc.ca} {port=389}
{authdn=cn=Directory Manager}
ReplicationAgreement.updateAgreementFromServer: unable to read the replica
refresh attribute {host=ywgldap1.isb.ec.gc.ca} {port=389}
{authdn=cn=Directory Manager}
ReplicationAgreement.updateAgreementFromServer: unable to read the consumer
initialization status attribute (nsds5replicalastinitstatus)
{host=ywgldap1.isb.ec.gc.ca} {port=389} {authdn=cn=Directory Manager}
But I'm guessing those are more informative type messages then error messages.
Ryan
