I reset the password of the replicaBindDn on both servers, and this error stopped occurring.
However, I have a new error now:
[18/Mar/2014:16:22:24 -0500] NSMMReplicationPlugin - agmt="cn=dc-ihc-dc-com-to-ds2" (test-ds2:389): Replica has a different generation ID than the local data.
and the replication agreement has a different status now:
dn: cn=dc-ihc-dc-com-to-ds2,cn=replica,cn=dc\3Dinfinityhealthcare\2Cdc\3Dcom,c
n=mapping tree,cn=config
objectClass: top
objectClass: nsDS5ReplicationAgreement
description: agreement to replicate dc=ihc,dc=com tree from ds1 to ds2
cn: dc-ihc-dc-com-to-ds2
nsDS5ReplicaRoot: dc=infinityhealthcare,dc=com
nsDS5ReplicaHost: test-ds2.infinityhealthcare.com
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: uid=replica-manager,cn=config
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE authorityRevocationLis
t accountUnlockTime memberof
nsDS5ReplicaCredentials: {DES}Nz0qsqM5nShesnQPldsB7vYKQXOj2azjan8bTsUWxNM=
nsds50ruv: {replicageneration} 532892e8000000070000
nsds50ruv: {replica 7 ldap://test-ds2.infinityhealthcare.com:389}
nsds50ruv: {replica 14 ldap://test-ds1.infinityhealthcare.com:389}
nsruvReplicaLastModified: {replica 7 ldap://test-ds2.infinityhealthcare.com:38
9} 00000000
nsruvReplicaLastModified: {replica 14 ldap://test-ds1.infinityhealthcare.com:3
89} 00000000
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20140318212415Z
nsds5replicaLastUpdateEnd: 20140318212415Z
nsds5replicaChangesSentSinceStartup:
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
ate started
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 0
nsds5replicaLastInitEnd: 0
Any ideas?
Thanks,
Jon
----- Original Message -----
> From: "Jon Detert" <jdetert@xxxxxxxxxxxxxxxxxxxxxx>
> To: "General discussion list for the 389 Directory server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> Sent: Tuesday, March 18, 2014 3:59:10 PM
> Subject: multi-master replication setup problem: both suppliers do "not have permission to supply
> replication updates to the replica"
>
> Hi,
>
> I have two 389-ds servers. I want them to do multi-master replication to
> each other. Beyond these 2, there are no other servers.
>
> I tried to do this via the command-line, following RedHat's guide [2].
>
> However, /var/log/dirsrv/slapd-*/errors says this:
>
> [18/Mar/2014:15:02:10 -0500] NSMMReplicationPlugin - conn=22 op=3
> replica="o=infinityhealthcare.com": Unable to acquire replica: error:
> permission denied
> [18/Mar/2014:15:07:02 -0500] NSMMReplicationPlugin -
> agmt="cn=o-ihccom-to-ds2" (test-ds2:389): Unable to acquire replica:
> permission denied. The bind dn "uid=replica-manager,cn=config" does not have
> permission to supply replication updates to the replica. Will retry later.
> [18/Mar/2014:15:07:02 -0500] NSMMReplicationPlugin -
> agmt="cn=dc-ihc-dc-com-to-ds2" (test-ds2:389): Unable to acquire replica:
> permission denied. The bind dn "uid=replica-manager,cn=config" does not have
> permission to supply replication updates to the replica. Will retry later.
>
> Any ideas what to do to fix?
>
> In case it helps explain the problem, here is what one of the replication
> agreements looks like:
>
> dn:
> cn=dc-ihc-dc-com-to-ds2,cn=replica,cn=dc\3Dinfinityhealthcare\2Cdc\3Dcom,c
> n=mapping tree,cn=config
> objectClass: top
> objectClass: nsDS5ReplicationAgreement
> description: agreement to replicate dc=ihc,dc=com tree from ds1 to ds2
> cn: dc-ihc-dc-com-to-ds2
> nsDS5ReplicaRoot: dc=infinityhealthcare,dc=com
> nsDS5ReplicaHost: test-ds2.infinityhealthcare.com
> nsDS5ReplicaPort: 389
> nsDS5ReplicaBindDN: uid=replica-manager,cn=config
> nsDS5ReplicaBindMethod: SIMPLE
> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE
> authorityRevocationLis
> t accountUnlockTime memberof
> nsDS5ReplicaCredentials: {DES}Nz0qsqM5nShesnQPldsB7vYKQXOj2azjan8bTsUWxNM=
> nsds5replicareapactive: 0
> nsds5replicaLastUpdateStart: 0
> nsds5replicaLastUpdateEnd: 0
> nsds5replicaChangesSentSinceStartup:
> nsds5replicaLastUpdateStatus: 3 Replication error acquiring replica:
> permissio
> n denied
> nsds5replicaUpdateInProgress: FALSE
> nsds5replicaLastInitStart: 0
> nsds5replicaLastInitEnd: 0
>
> and here is the replica on the other server, that this agreement refers to:
>
> dn: cn=replica,cn=dc\3Dinfinityhealthcare\2Cdc\3Dcom,cn=mapping
> tree,cn=config
> objectClass: top
> objectClass: nsds5replica
> objectClass: extensibleObject
> cn: replica
> nsDS5ReplicaRoot: dc=infinityhealthcare,dc=com
> nsDS5ReplicaId: 7
> nsDS5ReplicaType: 3
> nsDS5Flags: 1
> nsds5ReplicaPurgeDelay: 604800
> nsDS5ReplicaBindDN: uid=replica-manager,cn=config
> nsState:: BwAAAAAAAACSnChTAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAA==
> nsDS5ReplicaName: 8d64c603-aecc11e3-b040c130-71875861
> nsds5ReplicaChangeCount: 0
> nsds5replicareapactive: 0
>
>
> [1]
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Configuring_Multi_Master_Replication.html
>
>
> [2]
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Configuring-Replication-cmd.html
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
