----- Original Message -----
> From: "Noriko Hosoi" <nhosoi@xxxxxxxxxx>
> To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> Sent: Monday, August 18, 2014 5:03:57 PM
> Subject: Re: cannot make replication work over SSL

> You mentioned hosts test-ds1 and test-ds2. What is test-ds3? Is it another
> consumer?

No. Sorry, my mistake. I wanted to simplify the description, and so wrote 'test-ds2' when in actuality, the host I'm trying to make a consumer via replication over SSL is 'test-ds3'. I just thought it would read better as 'test-ds1 and test-ds2' instead of what I actually have: test-ds1 the supplier, and test-ds3 the consumer.

> Does this command line work on the host test-ds1?
> ldapsearch -LLL -x -H ldaps://test-ds3 -s sub -b dc=infinityhealthcare,dc=com
> uid=jdetert

Yes it works.

> If yes, what happens if you add this to your agreement?
>
> nsDS5ReplicaTransportInfo: SSL

The replication agreement still had the state I reported below, so I 'restarted' the replication by issuing this command:

ldapmodify -cax -h localhost -y ~jdetert/pword -D 'cn=Directory Manager' <<BYE
dn: cn=dc-ihc-dc-com-to-ds3, cn=replica, cn="dc=infinityhealthcare,dc=com", cn=mapping tree, cn=config
changetype: modify
replace: nsds5BeginReplicaRefresh
nsds5BeginReplicaRefresh: start
BYE

However, replication still doesn't work.
Here's what the agreement looks like now:

dn: cn=dc-ihc-dc-com-to-ds3,cn=replica,cn=dc\3Dinfinityhealthcare\2Cdc\3Dcom,c
 n=mapping tree,cn=config
objectClass: top
objectClass: nsDS5ReplicationAgreement
description: agreement to replicate dc=ihc,dc=com tree from ds1 to ds3
cn: dc-ihc-dc-com-to-ds3
nsDS5ReplicaRoot: dc=infinityhealthcare,dc=com
nsDS5ReplicaHost: test-ds3.infinityhealthcare.com
nsDS5ReplicaPort: 636
nsDS5ReplicaBindDN: uid=replica-manager,cn=config
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE authorityRevocationLis
 t memberof
nsDS5ReplicaCredentials: {DES}Nz0qsqM5nShesnQPldsB7vYKQXOj2azjan8bTsUWxNM=
nsDS5ReplicaTransportInfo: SSL
nsds5BeginReplicaRefresh: start
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 0
nsds5replicaLastUpdateEnd: 0
nsds5replicaChangesSentSinceStartup:
nsds5replicaLastUpdateStatus: -5 Unable to acquire replicaLDAP error: Timed ou
 t
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 20140818205749Z
nsds5replicaLastInitEnd: 0
nsds5replicaLastInitStatus: 0

> (
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#Replication_Attributes_under_cnReplicationAgreementName_cnreplica_cnsuffixName_cnmapping_tree_cnconfig-nsDS5ReplicaTransportInfo
> )
> If it still does not work, could you try replacing the replica host like
> this?
>
> nsDS5ReplicaHost: test-ds3

Getting to that. Will reply when I've tried it.

Regards,
Jon
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users