On 03/18/2014 05:27 PM, Jon Detert wrote:
I reset the password of the replicaBindDn on both servers, and this error stopped occurring. However, I have a new error now: [18/Mar/2014:16:22:24 -0500] NSMMReplicationPlugin - agmt="cn=dc-ihc-dc-com-to-ds2" (test-ds2:389): Replica has a different generation ID than the local data.
This is expected now that you resolved the replica bind issue. This message is stating that the remote replica has not been initialized yet, or it was overwritten, and it needs to be reinitialized.
This should help you: https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Initializing_Consumers.html Regards, Mark
and the replication agreement has a different status now: dn: cn=dc-ihc-dc-com-to-ds2,cn=replica,cn=dc\3Dinfinityhealthcare\2Cdc\3Dcom,c n=mapping tree,cn=config objectClass: top objectClass: nsDS5ReplicationAgreement description: agreement to replicate dc=ihc,dc=com tree from ds1 to ds2 cn: dc-ihc-dc-com-to-ds2 nsDS5ReplicaRoot: dc=infinityhealthcare,dc=com nsDS5ReplicaHost: test-ds2.infinityhealthcare.com nsDS5ReplicaPort: 389 nsDS5ReplicaBindDN: uid=replica-manager,cn=config nsDS5ReplicaBindMethod: SIMPLE nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE authorityRevocationLis t accountUnlockTime memberof nsDS5ReplicaCredentials: {DES}Nz0qsqM5nShesnQPldsB7vYKQXOj2azjan8bTsUWxNM= nsds50ruv: {replicageneration} 532892e8000000070000 nsds50ruv: {replica 7 ldap://test-ds2.infinityhealthcare.com:389} nsds50ruv: {replica 14 ldap://test-ds1.infinityhealthcare.com:389} nsruvReplicaLastModified: {replica 7 ldap://test-ds2.infinityhealthcare.com:38 9} 00000000 nsruvReplicaLastModified: {replica 14 ldap://test-ds1.infinityhealthcare.com:3 89} 00000000 nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20140318212415Z nsds5replicaLastUpdateEnd: 20140318212415Z nsds5replicaChangesSentSinceStartup: nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate started nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 0 nsds5replicaLastInitEnd: 0 Any ideas? Thanks, Jon ----- Original Message -----From: "Jon Detert" <jdetert@xxxxxxxxxxxxxxxxxxxxxx> To: "General discussion list for the 389 Directory server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx> Sent: Tuesday, March 18, 2014 3:59:10 PM Subject: multi-master replication setup problem: both suppliers do "not have permission to supply replication updates to the replica" Hi, I have two 389-ds servers. I want them to do multi-master replication to each other. Beyond these 2, there are no other servers. I tried to do this via the command-line, following RedHat's guide [2]. However, /var/log/dirsrv/slapd-*/errors says this: [18/Mar/2014:15:02:10 -0500] NSMMReplicationPlugin - conn=22 op=3 replica="o=infinityhealthcare.com": Unable to acquire replica: error: permission denied [18/Mar/2014:15:07:02 -0500] NSMMReplicationPlugin - agmt="cn=o-ihccom-to-ds2" (test-ds2:389): Unable to acquire replica: permission denied. The bind dn "uid=replica-manager,cn=config" does not have permission to supply replication updates to the replica. Will retry later. [18/Mar/2014:15:07:02 -0500] NSMMReplicationPlugin - agmt="cn=dc-ihc-dc-com-to-ds2" (test-ds2:389): Unable to acquire replica: permission denied. The bind dn "uid=replica-manager,cn=config" does not have permission to supply replication updates to the replica. Will retry later. Any ideas what to do to fix? In case it helps explain the problem, here is what one of the replication agreements looks like: dn: cn=dc-ihc-dc-com-to-ds2,cn=replica,cn=dc\3Dinfinityhealthcare\2Cdc\3Dcom,c n=mapping tree,cn=config objectClass: top objectClass: nsDS5ReplicationAgreement description: agreement to replicate dc=ihc,dc=com tree from ds1 to ds2 cn: dc-ihc-dc-com-to-ds2 nsDS5ReplicaRoot: dc=infinityhealthcare,dc=com nsDS5ReplicaHost: test-ds2.infinityhealthcare.com nsDS5ReplicaPort: 389 nsDS5ReplicaBindDN: uid=replica-manager,cn=config nsDS5ReplicaBindMethod: SIMPLE nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE authorityRevocationLis t accountUnlockTime memberof nsDS5ReplicaCredentials: {DES}Nz0qsqM5nShesnQPldsB7vYKQXOj2azjan8bTsUWxNM= nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 0 nsds5replicaLastUpdateEnd: 0 nsds5replicaChangesSentSinceStartup: nsds5replicaLastUpdateStatus: 3 Replication error acquiring replica: permissio n denied nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 0 nsds5replicaLastInitEnd: 0 and here is the replica on the other server, that this agreement refers to: dn: cn=replica,cn=dc\3Dinfinityhealthcare\2Cdc\3Dcom,cn=mapping tree,cn=config objectClass: top objectClass: nsds5replica objectClass: extensibleObject cn: replica nsDS5ReplicaRoot: dc=infinityhealthcare,dc=com nsDS5ReplicaId: 7 nsDS5ReplicaType: 3 nsDS5Flags: 1 nsds5ReplicaPurgeDelay: 604800 nsDS5ReplicaBindDN: uid=replica-manager,cn=config nsState:: BwAAAAAAAACSnChTAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAA== nsDS5ReplicaName: 8d64c603-aecc11e3-b040c130-71875861 nsds5ReplicaChangeCount: 0 nsds5replicareapactive: 0 [1] https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Configuring_Multi_Master_Replication.html [2] https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Configuring-Replication-cmd.html-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
-- Mark Reynolds 389 Development Team Red Hat, Inc mreynolds@xxxxxxxxxx -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
