Hi, Using Fedora DS 1.1.2 (compiled from source) on CentOS 5.1. I am trying to replicate o=NetscapeRoot for admin server failover and having a few problems. (I have read http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication-Replicating-ADS-for-Failover.html) The detailed notes I have written on the steps for doing this can be found here http://jadickinson.co.uk/test/howto/replicating-netscaperoot-on-fedora-ds/ In short I 1. have server 1 already running 2. Add replication info to server 1 3. Install server 2 4. on server 2 run setup-ds.pl -f /tmp/config.inf 5. On server 1 initialize the consumer So now server 2 has the replicated o=netscaperoot 6. on server 2 run register-ds-admin.pl When I do this I can connect with the console to server 1 and see both servers listed. I can browse the ds and admin console for server 1 OK. However, if I double click to open the directory console for server 2 and click on the configuration tab I get a message saying that uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot doesn't have permission to perform this operation. If I connect as cn=Directory Manager it works fine. The difference seems to be that server 2 lacks the following entries in the slapd-server2/dse.ldif aci: (targetattr="*")(version 3.0; acl "Configuration Administrators Group"; a llow (all) groupdn="ldap:///cn=Configuration Administrators, ou=Groups, ou=T opologyManagement, o=NetscapeRoot";) aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (a ll) userdn="ldap:///uid=admin, ou=Administrators, ou=TopologyManagement, o=N etscapeRoot";) aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "l dap:///cn=slapd-server1, cn=Fedora Directory Server, cn=Server Group, cn=server1.example.com, ou=example.com, o=NetscapeRoot";) Adding them to dse.ldif on server 2 seems to fix things but I don't understand why they don't exist on server 2 and am concerned that this is a sign of something that I have failed to do correctly. Also what is the correct way to specify password in nsDS5ReplicaCredentials and userPassword when a) using ldapmodify or b) editing dse.ldif? The documentation seems to say that you should use the hash of the password but that seems to give odd results. Plain text passwords seem to work... Thanks John