Mister Anonyme wrote: > > Date: Wed, 13 Aug 2008 14:03:31 -0600 > > From: rmeggins at redhat.com > > To: fedora-directory-users at redhat.com > > Subject: Re: (no subject) > > > I think it is mentioned in the documentation. > > > http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication-Replicating-ADS-for-Failover.html > > "2. Install and configure the second Directory Server instance. For the > > second server, |server2.example.com|, use the |setup-ds.pl| command, > > which installs a Directory Server instance without installing a local > > Administration Server. " > > > > Which is what you did below anyway. However, there is a doc bug: > > "ConfigFile = netscaperootdb.ldif example suffix entry" > > This links to an example of the suffix only, which is what you did > below > > - the ldif only creates the suffix, not the associated database. > > > > The LDIF file should contain this: > > > > dn: cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config > > objectclass: top > > objectclass: extensibleObject > > objectclass: nsBackendInstance > > nsslapd-suffix: o=NetscapeRoot > > cn: NetscapeRoot > > > > dn: cn=encrypted attribute keys,cn=NetscapeRoot,cn=ldbm > > database,cn=plugins,cn=config > > objectClass: top > > objectClass: extensibleObject > > cn: encrypted attributes keys > > > > dn: cn=encrypted attributes,cn=NetscapeRoot,cn=ldbm > > database,cn=plugins,cn=config > > objectClass: top > > objectClass: extensibleObject > > cn: encrypted attributes > > > > dn: cn="o=NetscapeRoot",cn=mapping tree,cn=config > > objectclass: top > > objectclass: extensibleObject > > objectclass: nsMappingTree > > cn: "o=NetscapeRoot" > > nsslapd-state: backend > > nsslapd-backend: NetscapeRoot > > > Great! It fixed the issue. > > I was also able to synchronize between two servers. > > But, when I execute the register-ds-admin.pl (step 4), I have this: > > # /usr/sbin/register-ds-admin.pl > Beginning registration of the Directory Server > ============================================================================== > The Directory Server locates its configuration file (dse.ldif) at > /etc/dirsrv/slapd-ID, by default. If you have Directory Server(s) > which configuration file is put at the other location, you need to > input it to register the server. > > If you have such Directory Server, type the full path that stores the > configuration file. > > If you don't, type return. > [configuration directory path or return]: > > > ============================================================================== > Candidate servers to register: > /etc/dirsrv/slapd-myinstance > > ============================================================================== > Do you want to use this server as Configuration Directory Server? > > Directory server identifier [myinstance]: > > ============================================================================== > The server must run as a specific user in a specific group. > It is strongly recommended that this user should have no privileges > on the computer (i.e. a non-root user). The setup procedure > will give this user/group some permissions in specific paths/files > to perform server-specific operations. > > If you have not yet created a user and group for the server, > create this user and group using your native operating > system utilities. > > System User [nobody]: > System Group [nobody]: > > ============================================================================== > Please specify the information about your configuration directory > server. The following information is required: > - host (fully qualified), port (non-secure or secure), suffix, > protocol (ldap or ldaps) - this information should be provided in the > form of an LDAP url e.g. for non-secure > ldap://host.example.com:389/o=NetscapeRoot > or for secure > ldaps://host.example.com:636/o=NetscapeRoot > - admin ID and password > - admin domain > - a CA certificate file may be required if you choose to use ldaps and > security has not yet been configured - the file must be in PEM/ASCII > format - specify the absolute path and filename > > Configuration directory server URL [ldap://SERVER2:389/o=NetscapeRoot]: > Configuration directory server admin ID [admin]: > Configuration directory server admin password: > Configuration directory server admin password (confirm): > Configuration directory server admin domain [DOMAIN]: DOMAIN > > ============================================================================== > The information stored in the configuration directory server can be > separated into different Administration Domains. If you are managing > multiple software releases at the same time, or managing information > about multiple domains, you may use the Administration Domain to keep > them separate. > > If you are not using administrative domains, press Enter to select the > default. Otherwise, enter some descriptive, unique name for the > administration domain, such as the name of the organization > responsible for managing the domain. > > Administration Domain [DOMAIN]: > > ============================================================================== > The Administration Server is separate from any of your web or application > servers since it listens to a different port and access to it is > restricted. > > Pick a port number between 1024 and 65535 to run your Administration > Server on. You should NOT use a port number which you plan to > run a web or application server on, rather, select a number which you > will remember and which will not be used for anything else. > > Administration port [9830]: > > ============================================================================== > Registering new Config DS: SERVER2 > > ============================================================================== > Input the Directory Server password on the server SERVER2: > Error: failed to register the configuration server info to the > Configuration Directory Server SERVER2. Hmm - not sure. Either earlier attempts have broken something past the point of repair, or there is a bug in register-ds-admin.pl - maybe it expects o=NetscapeRoot to not already exist? But then the setup step earlier would fail without it. Try register-ds-admin.pl -ddd > > > > ------------------------------------------------------------------------ > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20080813/61a00df2/attachment.bin
