That fixed the problem. Only thing is, when I created the replicationAgreement, I included the attribute "nsds5BeginReplicaRefresh: start". Why then did I have to re-init? I realized it couldn't start when i 1st created the agreement because I had the wrong credentials. But why did I have to tell it to start again? Does the refresh attr automatically change after each replication attempt? Thanks, Jon ----- Original Message ----- > From: "Mark Reynolds" <mareynol@xxxxxxxxxx> > To: "General discussion list for the 389 Directory server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx> > Cc: "Jon Detert" <jdetert@xxxxxxxxxxxxxxxxxxxxxx> > Sent: Wednesday, March 19, 2014 11:26:23 AM > Subject: Re: multi-master replication setup problem: both suppliers do "not have permission to supply > replication updates to the replica" > > > On 03/18/2014 05:27 PM, Jon Detert wrote: > > I reset the password of the replicaBindDn on both servers, and this error > > stopped occurring. > > > > However, I have a new error now: > > > > [18/Mar/2014:16:22:24 -0500] NSMMReplicationPlugin - > > agmt="cn=dc-ihc-dc-com-to-ds2" (test-ds2:389): Replica has a different > > generation ID than the local data. > > This is expected now that you resolved the replica bind issue. This > message is stating that the remote replica has not been initialized yet, > or it was overwritten, and it needs to be reinitialized. > > This should help you: > > https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Initializing_Consumers.html > > Regards, > Mark > > > > and the replication agreement has a different status now: > > > > dn: > > cn=dc-ihc-dc-com-to-ds2,cn=replica,cn=dc\3Dinfinityhealthcare\2Cdc\3Dcom,c > > n=mapping tree,cn=config > > objectClass: top > > objectClass: nsDS5ReplicationAgreement > > description: agreement to replicate dc=ihc,dc=com tree from ds1 to ds2 > > cn: dc-ihc-dc-com-to-ds2 > > nsDS5ReplicaRoot: dc=infinityhealthcare,dc=com > > nsDS5ReplicaHost: test-ds2.infinityhealthcare.com > > nsDS5ReplicaPort: 389 > > nsDS5ReplicaBindDN: uid=replica-manager,cn=config > > nsDS5ReplicaBindMethod: SIMPLE > > nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE > > authorityRevocationLis > > t accountUnlockTime memberof > > nsDS5ReplicaCredentials: {DES}Nz0qsqM5nShesnQPldsB7vYKQXOj2azjan8bTsUWxNM= > > nsds50ruv: {replicageneration} 532892e8000000070000 > > nsds50ruv: {replica 7 ldap://test-ds2.infinityhealthcare.com:389} > > nsds50ruv: {replica 14 ldap://test-ds1.infinityhealthcare.com:389} > > nsruvReplicaLastModified: {replica 7 > > ldap://test-ds2.infinityhealthcare.com:38 > > 9} 00000000 > > nsruvReplicaLastModified: {replica 14 > > ldap://test-ds1.infinityhealthcare.com:3 > > 89} 00000000 > > nsds5replicareapactive: 0 > > nsds5replicaLastUpdateStart: 20140318212415Z > > nsds5replicaLastUpdateEnd: 20140318212415Z > > nsds5replicaChangesSentSinceStartup: > > nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental > > upd > > ate started > > nsds5replicaUpdateInProgress: FALSE > > nsds5replicaLastInitStart: 0 > > nsds5replicaLastInitEnd: 0 > > > > Any ideas? > > > > Thanks, > > > > Jon > > > > > > ----- Original Message ----- > >> From: "Jon Detert" <jdetert@xxxxxxxxxxxxxxxxxxxxxx> > >> To: "General discussion list for the 389 Directory server project." > >> <389-users@xxxxxxxxxxxxxxxxxxxxxxx> > >> Sent: Tuesday, March 18, 2014 3:59:10 PM > >> Subject: multi-master replication setup problem: both > >> suppliers do "not have permission to supply > >> replication updates to the replica" > >> > >> Hi, > >> > >> I have two 389-ds servers. I want them to do multi-master replication to > >> each other. Beyond these 2, there are no other servers. > >> > >> I tried to do this via the command-line, following RedHat's guide [2]. > >> > >> However, /var/log/dirsrv/slapd-*/errors says this: > >> > >> [18/Mar/2014:15:02:10 -0500] NSMMReplicationPlugin - conn=22 op=3 > >> replica="o=infinityhealthcare.com": Unable to acquire replica: error: > >> permission denied > >> [18/Mar/2014:15:07:02 -0500] NSMMReplicationPlugin - > >> agmt="cn=o-ihccom-to-ds2" (test-ds2:389): Unable to acquire replica: > >> permission denied. The bind dn "uid=replica-manager,cn=config" does not > >> have > >> permission to supply replication updates to the replica. Will retry later. > >> [18/Mar/2014:15:07:02 -0500] NSMMReplicationPlugin - > >> agmt="cn=dc-ihc-dc-com-to-ds2" (test-ds2:389): Unable to acquire replica: > >> permission denied. The bind dn "uid=replica-manager,cn=config" does not > >> have > >> permission to supply replication updates to the replica. Will retry later. > >> > >> Any ideas what to do to fix? > >> > >> In case it helps explain the problem, here is what one of the replication > >> agreements looks like: > >> > >> dn: > >> cn=dc-ihc-dc-com-to-ds2,cn=replica,cn=dc\3Dinfinityhealthcare\2Cdc\3Dcom,c > >> n=mapping tree,cn=config > >> objectClass: top > >> objectClass: nsDS5ReplicationAgreement > >> description: agreement to replicate dc=ihc,dc=com tree from ds1 to ds2 > >> cn: dc-ihc-dc-com-to-ds2 > >> nsDS5ReplicaRoot: dc=infinityhealthcare,dc=com > >> nsDS5ReplicaHost: test-ds2.infinityhealthcare.com > >> nsDS5ReplicaPort: 389 > >> nsDS5ReplicaBindDN: uid=replica-manager,cn=config > >> nsDS5ReplicaBindMethod: SIMPLE > >> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE > >> authorityRevocationLis > >> t accountUnlockTime memberof > >> nsDS5ReplicaCredentials: {DES}Nz0qsqM5nShesnQPldsB7vYKQXOj2azjan8bTsUWxNM= > >> nsds5replicareapactive: 0 > >> nsds5replicaLastUpdateStart: 0 > >> nsds5replicaLastUpdateEnd: 0 > >> nsds5replicaChangesSentSinceStartup: > >> nsds5replicaLastUpdateStatus: 3 Replication error acquiring replica: > >> permissio > >> n denied > >> nsds5replicaUpdateInProgress: FALSE > >> nsds5replicaLastInitStart: 0 > >> nsds5replicaLastInitEnd: 0 > >> > >> and here is the replica on the other server, that this agreement refers > >> to: > >> > >> dn: cn=replica,cn=dc\3Dinfinityhealthcare\2Cdc\3Dcom,cn=mapping > >> tree,cn=config > >> objectClass: top > >> objectClass: nsds5replica > >> objectClass: extensibleObject > >> cn: replica > >> nsDS5ReplicaRoot: dc=infinityhealthcare,dc=com > >> nsDS5ReplicaId: 7 > >> nsDS5ReplicaType: 3 > >> nsDS5Flags: 1 > >> nsds5ReplicaPurgeDelay: 604800 > >> nsDS5ReplicaBindDN: uid=replica-manager,cn=config > >> nsState:: BwAAAAAAAACSnChTAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAA== > >> nsDS5ReplicaName: 8d64c603-aecc11e3-b040c130-71875861 > >> nsds5ReplicaChangeCount: 0 > >> nsds5replicareapactive: 0 > >> > >> > >> [1] > >> https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Configuring_Multi_Master_Replication.html > >> > >> > >> [2] > >> https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Configuring-Replication-cmd.html > > -- > > 389 users mailing list > > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > > https://admin.fedoraproject.org/mailman/listinfo/389-users > > -- > Mark Reynolds > 389 Development Team > Red Hat, Inc > mreynolds@xxxxxxxxxx > > -- Jon Detert Sr. Systems Administrator Infinity Healthcare Milwaukee, Wisconsin 414-290-6759 -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
