Replicating o=NetscapeRoot for admin server failover


 



Hi,

Using Fedora DS 1.1.2 (compiled from source) on CentOS 5.1.

I am trying to replicate o=NetscapeRoot for admin server failover and  
having a few problems.

(I have read http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication-Replicating-ADS-for-Failover.html)

The detailed notes I have written on the steps for doing this can be  
found here http://jadickinson.co.uk/test/howto/replicating-netscaperoot-on-fedora-ds/

In short, I:
1. Have server 1 already running
2. Add replication info to server 1
3. Install server 2
4. On server 2 run setup-ds.pl -f /tmp/config.inf
5. On server 1 initialize the consumer
   (so now server 2 has the replicated o=netscaperoot)
6. On server 2 run register-ds-admin.pl

When I do this I can connect with the console to server 1 and see both  
servers listed. I can browse the ds and admin console for server 1 OK.  
However, if I double click to open the directory console for server 2  
and click on the configuration tab I get a message saying that  
uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot  
doesn't have permission to perform this operation. If I connect as  
cn=Directory Manager it works fine.

The difference seems to be that server 2 lacks the following entries
in the slapd-server2/dse.ldif:

aci: (targetattr="*")(version 3.0; acl "Configuration Administrators Group"; allow (all) groupdn="ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot";)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";)
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "ldap:///cn=slapd-server1, cn=Fedora Directory Server, cn=Server Group, cn=server1.example.com, ou=example.com, o=NetscapeRoot";)

Adding them to dse.ldif on server 2 seems to fix things but I don't  
understand why they don't exist on server 2 and am concerned that this  
is a sign of something that I have failed to do correctly.

Also, what is the correct way to specify the password in
nsDS5ReplicaCredentials and userPassword when a) using ldapmodify or
b) editing dse.ldif? The documentation seems to say that you should
use the hash of the password but that seems to give odd results. Plain
text passwords seem to work...

Thanks
John
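
The ACI comparison described in the message above can be scripted rather than done by eye. The following is an added example, not part of the original post or of Fedora DS: it unfolds LDIF continuation lines and lists the aci values that one dse.ldif has and another lacks. The function names, the `cn=config` entry dn and the sample data are assumptions constructed for illustration.

```python
import re

def unfold(text):
    """Undo LDIF folding: a line starting with one space continues the previous line."""
    out = []
    for raw in text.splitlines():
        if raw.startswith(" ") and out:
            out[-1] += raw[1:]
        else:
            out.append(raw)
    return out

def normalise(aci):
    """Collapse cosmetic whitespace so only real differences are reported."""
    aci = re.sub(r"\s+", " ", aci.strip())
    return re.sub(r"\s*([=,;])\s*", r"\1", aci)

def acis_by_dn(text):
    """Map each lower-cased entry dn to its set of aci values (assumes no base64 'aci::')."""
    result, dn = {}, None
    for line in unfold(text):
        if line.lower().startswith("dn:"):
            dn = line[3:].strip().lower()
        elif not line.strip():
            dn = None  # a blank line ends the current entry
        elif dn and line.lower().startswith("aci:"):
            result.setdefault(dn, set()).add(normalise(line[4:]))
    return result

def missing_acis(reference, candidate):
    """ACIs present in the reference dse.ldif but absent from the candidate, per dn."""
    ref, cand = acis_by_dn(reference), acis_by_dn(candidate)
    diff = {dn: sorted(v - cand.get(dn, set())) for dn, v in ref.items()}
    return {dn: v for dn, v in diff.items() if v}

# Constructed sample input; the entry dn is an assumption, the post does not name it.
SERVER1 = ('dn: cn=config\n'
    'aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (a\n'
    ' ll) userdn="ldap:///uid=admin, ou=Administrators, ou=TopologyManagement, o=N\n'
    ' etscapeRoot";)\n'
    'aci: (targetattr = "*")(version 3.0; acl "Constructed example"; allow (read)\n'
    '  userdn = "ldap:///anyone";)\n')
SERVER2 = ('dn: cn=config\n'
    'aci: (targetattr="*")(version 3.0;acl "Constructed example";allow (read) userdn="ldap:///anyone";)\n')

if __name__ == "__main__":
    for dn, acis in missing_acis(SERVER1, SERVER2).items():
        print(dn, "is missing:", *acis, sep="\n  ")
```

To compare real instances, pass the contents of each server's dse.ldif in place of the sample strings. Review each reported ACI before copying it across: one whose groupdn names slapd-server1 grants rights to that instance's group, not to server 2's own.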



