On 03/23/2012 11:09 AM, Herb Burnswell wrote:
Thanks for the reply David.
>> 1. How can I find out which system(s) is/are master, consumer, hub, etc?
>>>>You should be able to determine the role of the Directory Server for each
>>>>system by logging into the LDAP console under "Configuration->Replication".
>>>>The role is either "Single Master", "Hub" or "Dedicated Consumer".
I was able to determine that we have two "Multiple Master"
systems. Let's call them 'A' and 'B'. System A has been the only
system running for what appears to be several years (it is being
backed up nightly). System B has been off for some time but is
running now.
>> 2. How do I confirm that the systems have the correct credentials for
>> replication? (I am receiving: "Unable to acquire replica: Permission denied.")
>> a. How can I change the bind dn "cn=replication,cn=config" credentials
>> on each system to ensure replication will work?
>>>>You can do that on the console as well. Just navigate down the directory
>>>>tree and manually reset the password for the replication user account.
>>>>There's a possibility that your replication user account's password expired.
I can navigate to the screen to reset the password for the
replication user account. I have not reset the passwords yet as I
am reading documentation to confirm that system B will simply
update its data to system A's upon resuming replication.
When you change the password of the replication user on B, you'll
also have to update those credentials in the replication agreement
on A for the agreement from A to B.
Note that if replication has been down for years, you will have to
perform a manual replica initialization procedure - replication will
not automatically "catch up" if it has been down that long.
>> 3. I assume that upon repairing replication (apparently it has not been
>> working for several years) the systems will all replicate to the most
>> recent information. Correct?
>>>>I think that's the tricky part. Make sure you back up your directory on all
>>>>the LDAP first so you have something to roll back. I *believe* the last
>>>>step when setting up replication is initializing the directory and that
>>>>will wipe out directory on the other LDAP. Someone on the list might be
>>>>able to provide a better on this but I am just giving you a heads up that
>>>>this can be a complicated process.
Given the fact that system B has not been running for some time,
ideally it would simply replicate to the current data on system
A. After replication is reestablished the systems are set up to
"Always keep directories in sync". If anyone can confirm the
behavior that will occur upon replication on these two systems it
would be greatly appreciated.
Thanks in advance,
Herb
------------------------------
Message: 2
Date: Thu, 22 Mar 2012 10:40:34 -0400
From: Chun Tat David Chu <beyonddc.storage@xxxxxxxxx>
To: "General discussion list for the 389 Directory server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [389-users] Repair replication
Message-ID:
<CANCf8oLYKet99sB_ou4U3CER8U89UgwZhGUBTHekcF9HWNKL9g@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"
Hey Herb,
You should refer to the Red Hat Directory Server administration guide for
detail about setting up replication which you can locate in here.
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/
>> 1. How can I find out which system(s) is/are master, consumer, hub, etc?
You should be able to determine the role of the Directory Server for each
system by logging into the LDAP console under "Configuration->Replication".
The role is either "Single Master", "Hub" or "Dedicated Consumer".
>> 2. How do I confirm that the systems have the correct credentials for
>> replication? (I am receiving: "Unable to acquire replica: Permission denied.")
>> a. How can I change the bind dn "cn=replication,cn=config" credentials
>> on each system to ensure replication will work?
You can do that on the console as well. Just navigate down the directory
tree and manually reset the password for the replication user account.
There's a possibility that your replication user account's password expired.
>> 3. I assume that upon repairing replication (apparently it has not been
>> working for several years) the systems will all replicate to the most
>> recent information. Correct?
I think that's the tricky part. Make sure you back up your directory on all
the LDAP first so you have something to roll back. I *believe* the last
step when setting up replication is initializing the directory and that
will wipe out directory on the other LDAP. Someone on the list might be
able to provide a better on this but I am just giving you a heads up that
this can be a complicated process.
Good luck
- David
2012/3/21 Herb Burnswell <herbert.burnswell@xxxxxxxxx>
> Hi All,
>
> I'm new to LDAP administration and have been tasked with fixing the system
> replication of 4 Linux systems running Fedora Directory Services. I am
> very comfortable working with Linux/Unix but am not experienced with LDAP.
> I've been reading the communications from this user group and reading as
> much as I can from documentation. I believe this environment is not too
> complex but I am looking for some guidance, any assistance is greatly
> appreciated.
>
> Info:
>
> OS: Fedora Core 4
> LDAP: Fedora Directory Server v 7.1
>
> First, I know that both the systems and FDS versions are ancient.
> However, at this point I need to get the replication working prior to
> putting together a migration plan. I have access to the Directory Manager
> console and am comfortable running command line commands as well. Either
> way is fine.
>
> Questions:
>
> 1. How can I find out which system(s) is/are master, consumer, hub, etc?
>
> 2. How do I confirm that the systems have the correct credentials for
> replication? (I am receiving: "Unable to acquire replica: Permission
> denied.")
> a. How can I change the bind dn "cn=replication,cn=config" credentials
> on each system to ensure replication will work?
>
> 3. I assume that upon repairing replication (apparently it has not been
> working for several years) the systems will all replicate to the most
> recent information. Correct?
>
> Again, any guidance is greatly appreciated.
>
> Thanks in advance,
>
> Herb
>
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
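
Added example (not part of the original thread): a command-line way to answer questions 1 and 2 above by reading the replica and agreement entries under cn=config instead of using the console. It parses LDIF of the kind returned by `ldapsearch -b cn=config "(|(objectClass=nsDS5Replica)(objectClass=nsDS5ReplicationAgreement))"`; the sample entries, suffix, host name and agreement name are constructed.

```python
# Constructed sample of ldapsearch output from a supplier; not data from the thread.
SAMPLE_LDIF = '''dn: cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsDS5Replica
nsDS5ReplicaRoot: dc=example,dc=com
nsDS5ReplicaType: 3
nsDS5Flags: 1

dn: cn=AtoB,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaHost: b.example.com
nsDS5ReplicaBindDN: cn=replication,
 cn=config
nsds5replicaLastUpdateStatus: Unable to acquire replica: Permission denied.
'''

def parse_ldif(text):
    """Parse plain (non-base64) LDIF into a list of {attr_lower: [values]} dicts."""
    entries, cur, last = [], {}, None
    for line in text.splitlines() + [""]:
        if line.startswith(" ") and last:      # folded continuation of previous value
            cur[last][-1] += line[1:]
        elif not line.strip():                 # blank line closes the current entry
            if cur:
                entries.append(cur)
            cur, last = {}, None
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            last = attr.strip().lower()
            cur.setdefault(last, []).append(value.strip())
    return entries

def role(e):  # nsDS5ReplicaType 3 = read-write; 2 = read-only (hub if it keeps a changelog)
    if e["nsds5replicatype"][0] == "3":
        return "master"
    return "hub" if e.get("nsds5flags", ["0"])[0] == "1" else "dedicated consumer"

def report(entries):
    """Return ({suffix: role}, [(consumer host, bind DN used, last update status)])."""
    roles, agreements = {}, []
    for e in entries:
        classes = [c.lower() for c in e.get("objectclass", [])]
        if "nsds5replica" in classes:
            roles[e["nsds5replicaroot"][0]] = role(e)
        elif "nsds5replicationagreement" in classes:
            agreements.append((e["nsds5replicahost"][0], e["nsds5replicabinddn"][0],
                               e.get("nsds5replicalastupdatestatus", ["unknown"])[0]))
    return roles, agreements

if __name__ == "__main__":
    print(report(parse_ldif(SAMPLE_LDIF)))
```

The bind DN reported for each agreement is the account whose password has to match on the consumer, which is the pairing the reply above refers to when it says the credentials in the agreement on A must be updated after the password is changed on B.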