<html> <head> <style> .hmmessage P { margin:0px; padding:0px } body.hmmessage { FONT-SIZE: 10pt; FONT-FAMILY:Tahoma } </style> </head> <body class='hmmessage'> > Date: Wed, 13 Aug 2008 14:03:31 -0600 > From: rmeggins@redhat.com > To: fedora-directory-users@redhat.com > Subject: Re: [Fedora-directory-users] (no subject) > I think it is mentioned in the documentation. > http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication-Replicating-ADS-for-Failover.html > "2. Install and configure the second Directory Server instance. For the > second server, |server2.example.com|, use the |setup-ds.pl| command, > which installs a Directory Server instance without installing a local > Administration Server. " > > Which is what you did below anyway. However, there is a doc bug: > "ConfigFile = netscaperootdb.ldif example suffix entry" > This links to an example of the suffix only, which is what you did below > - the ldif only creates the suffix, not the associated database. > > The LDIF file should contain this: > > dn: cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config > objectclass: top > objectclass: extensibleObject > objectclass: nsBackendInstance > nsslapd-suffix: o=NetscapeRoot > cn: NetscapeRoot > > dn: cn=encrypted attribute keys,cn=NetscapeRoot,cn=ldbm > database,cn=plugins,cn=config > objectClass: top > objectClass: extensibleObject > cn: encrypted attributes keys > > dn: cn=encrypted attributes,cn=NetscapeRoot,cn=ldbm > database,cn=plugins,cn=config > objectClass: top > objectClass: extensibleObject > cn: encrypted attributes > > dn: cn="o=NetscapeRoot",cn=mapping tree,cn=config > objectclass: top > objectclass: extensibleObject > objectclass: nsMappingTree > cn: "o=NetscapeRoot" > nsslapd-state: backend > nsslapd-backend: NetscapeRoot Great! It fixed the issue. I was also able to synchronize between two servers. But, when I execute the register-ds-admin.pl (step 4), I have this: # /usr/sbin/register-ds-admin.pl Beginning registration of the Directory Server ============================================================================== The Directory Server locates its configuration file (dse.ldif) at /etc/dirsrv/slapd-ID, by default. If you have Directory Server(s) which configuration file is put at the other location, you need to input it to register the server. If you have such Directory Server, type the full path that stores the configuration file. If you don't, type return. [configuration directory path or return]: ============================================================================== Candidate servers to register: /etc/dirsrv/slapd-myinstance ============================================================================== Do you want to use this server as Configuration Directory Server? Directory server identifier [myinstance]: ============================================================================== The server must run as a specific user in a specific group. It is strongly recommended that this user should have no privileges on the computer (i.e. a non-root user). The setup procedure will give this user/group some permissions in specific paths/files to perform server-specific operations. If you have not yet created a user and group for the server, create this user and group using your native operating system utilities. System User [nobody]: System Group [nobody]: ============================================================================== Please specify the information about your configuration directory server. The following information is required: - host (fully qualified), port (non-secure or secure), suffix, protocol (ldap or ldaps) - this information should be provided in the form of an LDAP url e.g. for non-secure ldap://host.example.com:389/o=NetscapeRoot or for secure ldaps://host.example.com:636/o=NetscapeRoot - admin ID and password - admin domain - a CA certificate file may be required if you choose to use ldaps and security has not yet been configured - the file must be in PEM/ASCII format - specify the absolute path and filename Configuration directory server URL [ldap://SERVER2:389/o=NetscapeRoot]: Configuration directory server admin ID [admin]: Configuration directory server admin password: Configuration directory server admin password (confirm): Configuration directory server admin domain [DOMAIN]: DOMAIN ============================================================================== The information stored in the configuration directory server can be separated into different Administration Domains. If you are managing multiple software releases at the same time, or managing information about multiple domains, you may use the Administration Domain to keep them separate. If you are not using administrative domains, press Enter to select the default. Otherwise, enter some descriptive, unique name for the administration domain, such as the name of the organization responsible for managing the domain. Administration Domain [DOMAIN]: ============================================================================== The Administration Server is separate from any of your web or application servers since it listens to a different port and access to it is restricted. Pick a port number between 1024 and 65535 to run your Administration Server on. You should NOT use a port number which you plan to run a web or application server on, rather, select a number which you will remember and which will not be used for anything else. Administration port [9830]: ============================================================================== Registering new Config DS: SERVER2 ============================================================================== Input the Directory Server password on the server SERVER2: Error: failed to register the configuration server info to the Configuration Directory Server SERVER2. <hr /> <a href='' target='_new'></a></body> </html>