Replication fails due to lack of permissions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I started with two Redhat EL3U5 servers, setting up the newest available directory server (fedora-ds rpm) on each server with an identical configuration.  I set up Single Master replication according to this guide: http://www.redhat.com/docs/manuals/dir-server/ag/7.1/replicat.html#1108849.  That is, I created a 'cn=replication manager,cn=config' by pasting the example entry from the guide in the config/dse.ldif on the slave (consumer) server.  I verified this account works by using LDAP Browser/Editor, I can log in and view my LDAP directory 'dc=foo,dc=net'.  I cannot, however, add or delete any foo.net entries when logged in as the replication manager.  When I configured a replication agreement on the master/supplier and restarted both servers, it errors out with:
 
NSMMReplicationPlugin - agmt="cn=myagreement" (192:1389): Unable to acquire replica: permission denied. The bind dn "cn=replication manager,cn=config" does not have permission to supply replication updates to the replica. Will retry later.
 
I had specified the ip address of the slave/consumer server when setting up the replication agreement, but because it refers to it as '192:1389' in the logs I thought maybe it was looking for a hostname.  Getting past the fact that it will not allow underscores in the consumer name (I assume this is a bug), I added an /etc/hosts entry for the consumer on the master and recreated the replication agreement and restarted both servers.  I still have the same problem:
 
NSMMReplicationPlugin - agmt="cn=myagreement" (testappserver2:1389): Unable to acquire replica: permission denied. The bind dn "cn=replication manager,cn=config" does not have permission to supply replication updates to the replica. Will retry later.
 
On the slave/consumer, I get:
 
NSMMReplicationPlugin - conn=9 op=3 replica="dc=foo,dc=net": Unable to acquire replica: error: permission denied
 
Any idea why this is happening?  Shouldn't the replication manager have read/write permissions to the userRoot by default since it inherits all the administrator roles?
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux