Hi,
I have two 389-ds servers. I want them to do multi-master replication to each other. Beyond these 2, there are no other servers.
I tried to do this via the command-line, following RedHat's guide [2].
However, /var/log/dirsrv/slapd-*/errors says this:
[18/Mar/2014:15:02:10 -0500] NSMMReplicationPlugin - conn=22 op=3 replica="o=infinityhealthcare.com": Unable to acquire replica: error: permission denied
[18/Mar/2014:15:07:02 -0500] NSMMReplicationPlugin - agmt="cn=o-ihccom-to-ds2" (test-ds2:389): Unable to acquire replica: permission denied. The bind dn "uid=replica-manager,cn=config" does not have permission to supply replication updates to the replica. Will retry later.
[18/Mar/2014:15:07:02 -0500] NSMMReplicationPlugin - agmt="cn=dc-ihc-dc-com-to-ds2" (test-ds2:389): Unable to acquire replica: permission denied. The bind dn "uid=replica-manager,cn=config" does not have permission to supply replication updates to the replica. Will retry later.
Any ideas what to do to fix?
In case it helps explain the problem, here is what one of the replication agreements looks like:
dn: cn=dc-ihc-dc-com-to-ds2,cn=replica,cn=dc\3Dinfinityhealthcare\2Cdc\3Dcom,c
n=mapping tree,cn=config
objectClass: top
objectClass: nsDS5ReplicationAgreement
description: agreement to replicate dc=ihc,dc=com tree from ds1 to ds2
cn: dc-ihc-dc-com-to-ds2
nsDS5ReplicaRoot: dc=infinityhealthcare,dc=com
nsDS5ReplicaHost: test-ds2.infinityhealthcare.com
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: uid=replica-manager,cn=config
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE authorityRevocationLis
t accountUnlockTime memberof
nsDS5ReplicaCredentials: {DES}Nz0qsqM5nShesnQPldsB7vYKQXOj2azjan8bTsUWxNM=
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 0
nsds5replicaLastUpdateEnd: 0
nsds5replicaChangesSentSinceStartup:
nsds5replicaLastUpdateStatus: 3 Replication error acquiring replica: permissio
n denied
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 0
nsds5replicaLastInitEnd: 0
and here is the replica on the other server, that this agreement refers to:
dn: cn=replica,cn=dc\3Dinfinityhealthcare\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: top
objectClass: nsds5replica
objectClass: extensibleObject
cn: replica
nsDS5ReplicaRoot: dc=infinityhealthcare,dc=com
nsDS5ReplicaId: 7
nsDS5ReplicaType: 3
nsDS5Flags: 1
nsds5ReplicaPurgeDelay: 604800
nsDS5ReplicaBindDN: uid=replica-manager,cn=config
nsState:: BwAAAAAAAACSnChTAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAA==
nsDS5ReplicaName: 8d64c603-aecc11e3-b040c130-71875861
nsds5ReplicaChangeCount: 0
nsds5replicareapactive: 0
[1] https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Configuring_Multi_Master_Replication.html
[2] https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Configuring-Replication-cmd.html
Thanks,
--
Jon Detert
Sr. Systems Administrator
Infinity Healthcare
Milwaukee, Wisconsin
414-290-6759
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
