Re: Problems with multimaster replication configuration

Visolve LDAP Group wrote:

Hi Rocio Quirantes,

From your configuration I understood you are setting up replication between two master servers, say M1 and M2.

The rest of the configuration is fine. I once faced the same issue too. I got it working by adding the following entry on both servers, M1 and M2. I am not clear on which server you added the cn=replication manager,cn=config entry (M1 or M2).

dn: cn=replication manager,cn=config
objectClass: person
objectClass: top
cn: replication manager
sn: RM
userPassword: {SSHA} XXX
passwordExpirationTime: 20380119031407Z
modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifyTimestamp: 20090217141706Z

If you added it on only one of the master servers, try adding it on both sides (on both M1 and M2), because the read-write replicas on both master servers hold the nsDS5ReplicaBindDN: cn=replication manager,cn=config attribute.

So each master will definitely look for the cn=replication manager,cn=config entry on the other one.

Ex: M1 will search M2 for dn: cn=replication manager,cn=config and vice versa.

So if either of the masters is not able to find the above entry, it throws such an error.

Hope this will work.

Regards,

ViSolve LDAP Team

-----Original Message-----
From: fedora-directory-users-bounces@xxxxxxxxxx [mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of Rocio Quirantes
Sent: Wednesday, February 18, 2009 4:26 PM
To: fedora-directory-users@xxxxxxxxxx
Subject: Problems with multimaster replication configuration

Hello, I'm trying to configure multimaster replication with two servers, and I get a permission error when the supplier tries to send the copy to the consumer. This is the error I get:

supplier: ldap1 -> NSMMReplicationPlugin - agmt="cn=ldap1" (ldap2:636): Unable to acquire replica: permission denied. The bind dn "cn=replication manager,cn=config" does not have permission to supply replication updates to the replica. Will retry later.

consumer: ldap2 -> NSMMReplicationPlugin - conn=245 op=3 replica="dc=example,dc=es": Unable to acquire replica: error: permission denied

The other way:

supplier: ldap2 -> NSMMReplicationPlugin - agmt="cn=ldap2" (ldap1:636): Unable to acquire replica: permission denied. The bind dn "cn=replication manager,cn=config" does not have permission to supply replication updates to the replica. Will retry later.

consumer: ldap1 -> NSMMReplicationPlugin - conn=32 op=3 replica="dc=example,dc=es": Unable to acquire replica: error: permission denied

I have followed the configuration manual from Red Hat to configure the multimaster from:

http://www.redhat.com/docs/manuals/dir-server/ag/replicat.htm#74262

This is my configuration:

dn: cn=replication manager,cn=config
objectClass: person
objectClass: top
cn: replication manager
sn: RM
userPassword: {SSHA} XXX
passwordExpirationTime: 20380119031407Z
modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifyTimestamp: 20090217141706Z

dn: cn=legacy consumer,cn=replication,cn=config
objectClass: top
objectClass: extensibleObject
cn: legacy consumer
nsslapd-legacy-updatedn: cn=replication manager,cn=config
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
createTimestamp: 20090216083802Z
modifyTimestamp: 20090216100926Z
nsslapd-legacy-updatepw: {SHA} xxx

dn: cn=replica,cn="dc=example,dc=es",cn=mapping tree, cn=config
objectClass: nsDS5Replica
objectClass: top
nsDS5ReplicaRoot: dc=example,dc=es
nsDS5ReplicaType: 3
nsDS5Flags: 1
nsDS5ReplicaId: 1
nsds5ReplicaPurgeDelay: 604800
cn: replica
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=config
createTimestamp: 20090217095448Z
modifyTimestamp: 20090218092048Z
nsState:: AQAAANnSm0kAAAAAAAAAAAEAAAA=
nsDS5ReplicaName: 000df382-1dd211b2-a7f6fad4-efd80000
nsDS5ReplicaBindDN: cn=replication manager,cn=config
numSubordinates: 1

dn: cn=ldap1, cn=replica, cn="dc=example,dc=es", cn=mapping tree, cn=config
objectClass: top
objectClass: nsDS5ReplicationAgreement
description: Replicacion multimaster entre ldap1 y ldap2
cn: ldap1
nsDS5ReplicaRoot: dc=example,dc=es
nsDS5ReplicaHost: ldap2.example.es
nsDS5ReplicaPort: 636
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaCredentials: {DES} xxxx
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
createTimestamp: 20090217100103Z
modifyTimestamp: 20090218103445Z

dn: cn=ldap2, cn=replica, cn="dc=example,dc=es", cn=mapping tree, cn=config
objectClass: top
objectClass: nsDS5ReplicationAgreement
description: Replicacion multimaster entre ldap2 y ldap1
cn: ldap1
nsDS5ReplicaRoot: dc=example,dc=es
nsDS5ReplicaHost: ldap1.example.es
nsDS5ReplicaPort: 636
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaCredentials: {DES} xxxx
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
createTimestamp: 20090217100103Z
modifyTimestamp: 20090218103445Z

I can see where the error is, I hope you can help me

Thank you

--

Rocio Quirantes Rodal
Área de Seguridad Informática

Centro Informático Científico de Andalucía (CICA)

Avda. Reina Mercedes s/n - 41012 - Sevilla (Spain)

Tfno.: +34 955 056 648 / +34 955 056 600 / FAX: +34 955 056 650

Consejería de Innovación, Ciencia y Empresa

Junta de Andalucía

--------------------------------------------------

This message is digitally signed. To be able to
verify the signature from your client, you must have
the root certificate of the CICA CA installed in
it. You can download it from:

http://pki.cica.es/cacert/

--------------------------------------------------

------------------------------------------------------------------------

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
Hello, I have the user in both servers but thank you, I solved the problem, it was about the password, I deactivated Legacy consumer, and I got the error:

[19/Feb/2009:08:58:10 +0100] NSMMReplicationPlugin - agmt="cn=ldap2" (ldap2:636): Simple bind resumed
[19/Feb/2009:08:58:10 +0100] NSMMReplicationPlugin - agmt="cn=ldap2" (ldap2:636): Replication bind to cn=replication manager,cn=config on consumer failed: 49 ()

And I realised that the problem was with the password, it had a { on it, but it appeared as a Ç, very strange
Thank you again

--
Rocio Quirantes Rodal Área de Seguridad Informática
Centro Informático Científico de Andalucía (CICA)
Avda. Reina Mercedes s/n - 41012 - Sevilla (Spain)
Tfno.: +34 955 056 648 / +34 955 056 600 / FAX: +34 955 056 650
Consejería de Innovación, Ciencia y Empresa
Junta de Andalucía
--------------------------------------------------
This message is digitally signed. To be able to
verify the signature from your client, you must have
the root certificate of the CICA CA installed in
it. You can download it from:

http://pki.cica.es/cacert/
--------------------------------------------------
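
The check suggested earlier in this thread (every agreement's nsDS5ReplicaBindDN must exist as an entry on the consumer and be listed on the consumer's replica entry) can be run offline over cn=config exports. The following is an added example, not part of the original messages or of the directory server's tooling; the host names, the cn=agmt agreement name and the sample LDIF are constructed, and the parser also unfolds wrapped LDIF lines such as the split modifiersName values in the exports above.

```python
import re

def parse_ldif(text):  # -> list of {lowercased attribute: [values]} entries
    text = re.sub(r"\n ", "", text)            # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text):   # a blank line ends an entry
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.lstrip(": ").rstrip())
        entries.append(entry)
    return [e for e in entries if e]

def norm_dn(dn):  # comparison key: case-insensitive, ignores spaces after commas
    return ",".join(part.strip().lower() for part in dn.split(","))

def of_class(entries, name):
    return [e for e in entries if name.lower() in map(str.lower, e.get("objectclass", []))]

def check_agreements(configs):  # configs: {host: cn=config LDIF text}
    parsed = {host: parse_ldif(text) for host, text in configs.items()}
    findings = []
    for supplier, entries in parsed.items():
        for agmt in of_class(entries, "nsDS5ReplicationAgreement"):
            consumer = agmt["nsds5replicahost"][0]
            bind = norm_dn(agmt["nsds5replicabinddn"][0])
            root = norm_dn(agmt["nsds5replicaroot"][0])
            peer = parsed.get(consumer, [])
            if bind not in [norm_dn(e["dn"][0]) for e in peer if "dn" in e]:
                findings.append((supplier, consumer, "bind DN entry missing on consumer"))
            allowed = [norm_dn(dn) for rep in of_class(peer, "nsDS5Replica")
                       if norm_dn(rep["nsds5replicaroot"][0]) == root
                       for dn in rep.get("nsds5replicabinddn", [])]
            if bind not in allowed:
                findings.append((supplier, consumer, "bind DN not listed on consumer replica"))
    return findings

# Constructed sample data: ldap2 lacks the bind entry, the case the reply describes.
TREE = 'cn=replica,cn="dc=example,dc=es",cn=mapping tree,cn=config'
MANAGER = "dn: cn=replication manager,cn=config\nobjectClass: person\n\n"
def sample(peer):
    return (f"dn: {TREE}\nobjectClass: nsDS5Replica\nnsDS5ReplicaRoot: dc=example,dc=es\n"
            "nsDS5ReplicaBindDN: cn=replication manager,\n cn=config\n\n"
            f"dn: cn=agmt,{TREE}\nobjectClass: nsDS5ReplicationAgreement\n"
            f"nsDS5ReplicaRoot: dc=example, dc=es\nnsDS5ReplicaHost: {peer}\n"
            "nsDS5ReplicaBindDN: cn=Replication Manager,cn=config\n")
CONFIGS = {"ldap1.example.es": MANAGER + sample("ldap2.example.es"),
           "ldap2.example.es": sample("ldap1.example.es")}
```

An empty result only shows that the bind DN is present and authorized on both sides; a wrong stored credential, as in the error 49 case above, still has to be confirmed with a real bind.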
