Replication fails due to lack of permissions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I started with two Redhat EL3U5 servers, setting up the newest available
directory server (fedora-ds rpm) on each server with an identical
configuration.  I set up Single Master replication according to this
guide:
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/replicat.html#11088
49.  That is, I created a 'cn=replication manager,cn=config' by pasting
the example entry from the guide in the config/dse.ldif on the slave
(consumer) server.  I verified this account works by using LDAP
Browser/Editor, I can log in and view my LDAP directory 'dc=foo,dc=net'.
I cannot, however, add or delete any foo.net entries when logged in as
the replication manager.  When I configured a replication agreement on
the master/supplier and restarted both servers, it errors out with:
 
NSMMReplicationPlugin - agmt="cn=myagreement" (192:1389): Unable to
acquire replica: permission denied. The bind dn "cn=replication
manager,cn=config" does not have permission to supply replication
updates to the replica. Will retry later.
 
I had specified the ip address of the slave/consumer server when setting
up the replication agreement, but because it refers to it as '192:1389'
in the logs I thought maybe it was looking for a hostname.  Getting past
the fact that it will not allow underscores in the consumer name (I
assume this is a bug), I added an /etc/hosts entry for the consumer on
the master and recreated the replication agreement and restarted both
servers.  I still have the same problem:
 
NSMMReplicationPlugin - agmt="cn=myagreement" (testappserver2:1389):
Unable to acquire replica: permission denied. The bind dn
"cn=replication manager,cn=config" does not have permission to supply
replication updates to the replica. Will retry later.
 
On the slave/consumer, I get:
 
NSMMReplicationPlugin - conn=9 op=3 replica="dc=foo,dc=net": Unable to
acquire replica: error: permission denied
 
Any idea why this is happening?  Shouldn't the replication manager have
read/write permissions to the userRoot by default since it inherits all
the administrator roles?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20070607/78350719/attachment.html
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux