|
Hi Rocio Quirantes, From your configuration I understood you are setting up replication
between two master servers say M1 and M2. The rest of the configuration is fine. Once I too faced the same issue.
I got it worked by adding the following entry in both the servers M1 and M2. I not
clear in which server you added the cn=replication manager,cn=config entry.(M1
or M2) dn: cn=replication manager,cn=config objectClass: person objectClass: top cn: replication manager sn: RM userPassword: {SSHA} XXX passwordExpirationTime: 20380119031407Z modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo t modifyTimestamp: 20090217141706Z If u added it in any one of the master servers try adding it in both (in
both M1 and M2) sides. Because the read-write replicas in both master servers
hold the nsDS5ReplicaBindDN: cn=replication
manager,cn=config attribute. So definitely each master will look for cn=replication
manager,cn=config entry in the another one. Ex: M1 will search
M2 for dn: cn=replication manager,cn=config and viz., So if any one of the masters is not able to find the above entry it
throws such error. Hope this will work. Regards, ViSolve LDAP Team -----Original Message----- Hello, I'm trying to configure multimaster replication with two
servers, and I get a permission error when the supplier tries to send the copie
to the consumer. This is the error I get: supplier: ldap1 -> NSMMReplicationPlugin - agmt="cn=ldap1"
(ldap2:636): Unable to acquire replica: permission denied. The bind dn "cn=replication manager,cn=config" does not have permission
to supply replication updates to the replica. Will retry later. consumer: ldap2 -> NSMMReplicationPlugin - conn=245 op=3 replica="dc=example,dc=es": Unable to acquire replica: error:
permission denied The other wa: supplier: ldap2 -> NSMMReplicationPlugin - agmt="cn=ldap2"
(ldap1:636): Unable to acquire replica: permission denied. The bind dn "cn=replication manager,cn=config" does not have permission
to supply replication updates to the replica. Will retry later. consumer: ldap1 -> NSMMReplicationPlugin - conn=32 op=3 replica="dc=example,dc=es": Unable to acquire replica: error:
permission denied I have follow the configuration manual from red hat to configure the
multimaster from: http://www.redhat.com/docs/manuals/dir-server/ag/replicat.htm#74262 This is my configuration: dn: cn=replication manager,cn=config objectClass: person objectClass: top cn: replication manager sn: RM userPassword: {SSHA} XXX passwordExpirationTime: 20380119031407Z modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo t modifyTimestamp: 20090217141706Z dn: cn=legacy consumer,cn=replication,cn=config objectClass: top objectClass: extensibleObject cn: legacy consumer nsslapd-legacy-updatedn: cn=replication manager,cn=config creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo t createTimestamp: 20090216083802Z modifyTimestamp: 20090216100926Z nsslapd-legacy-updatepw: {SHA} xxx dn: cn=replica,cn="dc=example,dc=es",cn=mapping tree,
cn=config objectClass: nsDS5Replica objectClass: top nsDS5ReplicaRoot: dc=example,dc=es nsDS5ReplicaType: 3 nsDS5Flags: 1 nsDS5ReplicaId: 1 nsds5ReplicaPurgeDelay: 604800 cn: replica creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=config createTimestamp: 20090217095448Z modifyTimestamp: 20090218092048Z nsState:: AQAAANnSm0kAAAAAAAAAAAEAAAA= nsDS5ReplicaName: 000df382-1dd211b2-a7f6fad4-efd80000 nsDS5ReplicaBindDN: cn=replication manager,cn=config numSubordinates: 1 dn: cn=ldap1, cn=replica, cn="dc=example,dc=es", cn=mapping
tree, cn=config objectClass: top objectClass: nsDS5ReplicationAgreement description: Replicacion multimaster entre ldap1 y ldap2 cn: ldap1 nsDS5ReplicaRoot: dc=example,dc=es nsDS5ReplicaHost: ldap2.example.es nsDS5ReplicaPort: 636 nsDS5ReplicaBindDN: cn=replication manager,cn=config nsDS5ReplicaTransportInfo: SSL nsDS5ReplicaBindMethod: SIMPLE nsDS5ReplicaCredentials: {DES} xxxx creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo t createTimestamp: 20090217100103Z modifyTimestamp: 20090218103445Z dn: cn=ldap2, cn=replica, cn="dc=example,dc=es", cn=mapping
tree, cn=config objectClass: top objectClass: nsDS5ReplicationAgreement description: Replicacion multimaster entre ldap2 y ldap1 cn: ldap1 nsDS5ReplicaRoot: dc=example,dc=es nsDS5ReplicaHost: ldap1.example.es nsDS5ReplicaPort: 636 nsDS5ReplicaBindDN: cn=replication manager,cn=config nsDS5ReplicaTransportInfo: SSL nsDS5ReplicaBindMethod: SIMPLE nsDS5ReplicaCredentials: {DES} xxxx creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot createTimestamp: 20090217100103Z modifyTimestamp: 20090218103445Z I can see where the error is, I hope you can help me Thank you -- Rocio Quirantes Rodal Área de Seguridad Informática Centro Informático Científico de Andalucía (CICA) Avda. Reina Mercedes s/n - 41012 - Sevilla ( Tfno.: +34 955 056 648 / +34 955 056 600 / FAX: +34 955 056 650 Consejería de Innovación, Ciencia y Empresa Junta de Andalucía -------------------------------------------------- Este mensaje esta firmado digitalmente. reconocer la firma desde su cliente debera tener instalado el certificado raiz de la CA del CICA en el mismo. Puede descargarlo desde: http://pki.cica.es/cacert/ -------------------------------------------------- |
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
