Single Master replication : after master o.s. + dirsrv upgrade, replication fails with nsds5replicaLastInitStatus=3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I have a single master replicating to 2 slaves.
The master is Fedora Directory Server v1.0.4
The slaves are 389-DirectoryServer v1.2.10.

This has been working fine.

I tried to replace the single master with the same ds software as the slaves (389-DirectoryServer v1.2.10), but I could not get replication to work.

I'm hoping someone can help me see what I did wrong.

What I did:
-----------
1) deleted the replication agreements from the Fedora ds master.
(Not sure this was necessary.  Thought it might leave the slave replicas in a state that would more cleanly accept new replication agreements).

2) replaced the fedora ds master with new o.s. running 389-ds v1.2.10.  Created new slapd instance, and loaded it with the same schema and data as was used in the fedora ds DIT.

3) created replication agreements (on the new master) with the 2 slaves.

What I see:
-----------
a) Immediately, the replication status was:
"nsds5replicaLastInitStatus: 3 Replication error acquiring replica: permission denied"

b) On the master, /var/log/dirsrv/slapd-madds1/errors says this:
"NSMMReplicationPlugin - agmt="cn=o-ihccom-to-madds2" (madds2:389): Unable to acquire replica: permission denied. The bind dn "uid=replica-manager,cn=config" does not have permission to supply replication updates to the replica. Will retry later."

c) On the slaves, /var/log/dirsrv/slapd-madds2/errors says this:
"NSMMReplicationPlugin - conn=34 op=3 replica="dc=example,dc=com": Unable to acquire replica: error: permission denied"

d) The following query on a slave, shows that the bind-dn used by the master is correct:
ldapsearch -x -LLL -D 'cn=directory manager' -W -b cn=config -s sub  objectclass=nsds5replica
yields output like this:
dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: top
objectClass: nsds5replica
objectClass: extensibleObject
cn: replica
nsDS5ReplicaRoot: dc=example,dc=com
nsDS5ReplicaType: 2
nsDS5ReplicaBindDN: uid=replica-manager,cn=config
nsDS5Flags: 0
nsDS5ReplicaId: 65535
nsState:: //8AAAAAAADDxzdRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
nsDS5ReplicaName: edb50b02-86af11e2-9dc2a557-8005a77d
nsds5ReplicaChangeCount: 0
nsds5replicareapactive: 0

Thanks for any insight you offer.
-- 
Jon Detert
Sr. Systems Administrator
Infinity Healthcare
Milwaukee, Wisconsin
414-290-6759
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux