[Fedora-directory-users] replicating configuration directotry (NetscapeRoot)
Richard Megginson
rmeggins at redhat.com
Tue May 2 01:36:06 UTC 2006
Linux Admin wrote:
> Richard, Here is more detail error message
> [01/May/2006:18:21:38 -0500] NSMMReplicationPlugin -
> agmt="cn=F04T02NET" (serve01:1389): Unable to acquire replica:
> permission denied. The bind dn "cn=replication manager,cn=config" does
> not have permission to supply replication updates to the replica. Will
> retry later
This usually means there is no supplier DN given in the replica config,
or there is a spelling error in the supplier DN name.
>
>
>
> On 5/1/06, *Richard Megginson* <rmeggins at redhat.com
> <mailto:rmeggins at redhat.com>> wrote:
>
> Linux Admin wrote:
> > Richard,
> > I have tried disabling the pass-through on server 2 and
> unfortunately
> > I still can not replicate from 2 to 1.
> > Replications from 1 to 2 works fine. I had to manually create
> > NetscapeRoot on 2 initially, could be it that is created with
> > different set of attributes then on 1.
> > The error is 3. Permission denied.
> Make sure the user you are using as your supplier DN on server 1
> exists
> on server 1 (and likewise for server 2). Try using ldapsearch
> from the
> command line - bind with your supplier DN and password - to see if you
> can use those credentials to search the suffix on both servers.
> > What else could it be.
> > Thanks for all your help.
> >
> >
> >
> > On 4/28/06, *Linux Admin* <sysadmin.linux at gmail.com
> <mailto:sysadmin.linux at gmail.com>
> > <mailto: sysadmin.linux at gmail.com
> <mailto:sysadmin.linux at gmail.com>>> wrote:
> >
> > Richard,
> > Thanks, let me try. I am surprised there is no documentation at
> > all on NetScape root replication.
> > You help is very much appricated
> >
> >
> >
> >
> > On 4/28/06, * Richard Megginson* <rmeggins at redhat.com
> <mailto:rmeggins at redhat.com>
> > <mailto:rmeggins at redhat.com <mailto:rmeggins at redhat.com>>>
> wrote:
> >
> > Linux Admin wrote:
> > > Richard,
> > > Thanks, this is very good.
> > > I do not want to really disable it right now,
> > I think you may need to disable it on the replica in
> order to make
> > replication work.
> > > I just want to have 2 way replication between Server 1 and
> > Server 2,
> > > and used authenticate against server1. I would then
> setup in
> > pluging
> > > authentication against both 1 and 2. Is this right way?
> > > Thank your very much for your time and advice.
> > >
> > >
> > > On 4/28/06, *Richard Megginson* < rmeggins at redhat.com
> <mailto:rmeggins at redhat.com>
> > <mailto:rmeggins at redhat.com <mailto:rmeggins at redhat.com>>
> > > <mailto: rmeggins at redhat.com
> <mailto:rmeggins at redhat.com> <mailto:rmeggins at redhat.com
> <mailto:rmeggins at redhat.com>>>>
> > wrote:
> > >
> > > Linux Admin wrote:
> > > > Folks,
> > > > Is it possible to set up multi-master replication of
> > NetscapeRoot
> > > > configuration directory.
> > > > I have tried and I can successfully initialize
> > subscribers from the
> > > > current configuration directory server.
> > > > However initialization of replication in opposite
> > direction fails.
> > > >
> > > > Server 1 current conf dir -> Server 2:
> rplication sucsfull
> > > > o=NetscapeRoot is populated
> > > > Server 1 current conf dir <- Server 2: rplication
> > failes with error:
> > > > Permission denied. Error code 3
> > > Part of the problem is that, when you set up a second
> > instance, the
> > > installer automatically enables pass through
> > authentication for the
> > > console admin user, which allows that user to login as
> > > uid=admin,.....,o=NetscapeRoot on machines which
> do not have
> > > o=NetscapeRoot. So the first thing you need to do
> is to
> > disable the
> > > pass through auth plugin (console -> directory
> console ->
> > > Configuration
> > > -> Plug-ins -> Pass Through -> uncheck the Enable
> box - then
> > > restart the
> > > server.
> > > >
> > > > on Server 2 I had to manully create NetscapeRoot
> database.
> > > > What am I missing?. Is it "idiot prrof" feature?
> > > >
> > > > Thanks in advance for any help
> > > > SysLin
> > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------
> > > >
> > > > --
> > > > Fedora-directory-users mailing list
> > > > Fedora-directory-users at redhat.com
> <mailto:Fedora-directory-users at redhat.com>
> > <mailto:Fedora-directory-users at redhat.com
> <mailto:Fedora-directory-users at redhat.com>>
> > > <mailto: Fedora-directory-users at redhat.com
> <mailto:Fedora-directory-users at redhat.com>
> > <mailto:Fedora-directory-users at redhat.com
> <mailto:Fedora-directory-users at redhat.com>>>
> > > >
> >
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > <
> https://www.redhat.com/mailman/listinfo/fedora-directory-users>
> > > >
> > >
> > >
> > > --
> > > Fedora-directory-users mailing list
> > > Fedora-directory-users at redhat.com
> <mailto:Fedora-directory-users at redhat.com>
> > <mailto:Fedora-directory-users at redhat.com
> <mailto:Fedora-directory-users at redhat.com>>
> > > <mailto: Fedora-directory-users at redhat.com
> <mailto:Fedora-directory-users at redhat.com>
> > <mailto:Fedora-directory-users at redhat.com
> <mailto:Fedora-directory-users at redhat.com>>>
> > >
> >
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > >
> > >
> > >
> > >
> > >
> ------------------------------------------------------------------------
> >
> > >
> > > --
> > > Fedora-directory-users mailing list
> > > Fedora-directory-users at redhat.com
> <mailto:Fedora-directory-users at redhat.com>
> > <mailto:Fedora-directory-users at redhat.com
> <mailto:Fedora-directory-users at redhat.com>>
> > >
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > >
> >
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> <mailto:Fedora-directory-users at redhat.com>
> > <mailto: Fedora-directory-users at redhat.com
> <mailto:Fedora-directory-users at redhat.com>>
> >
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> >
> >
> >
> >
> >
> ------------------------------------------------------------------------
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> <mailto:Fedora-directory-users at redhat.com>
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> <mailto:Fedora-directory-users at redhat.com>
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20060501/18b4a76c/attachment.bin>
More information about the Fedora-directory-users
mailing list