[Fedora-directory-users] Questions about setting up replication by modifying ldap directly.
Ryan Braun
Ryan.Braun at ec.gc.ca
Tue Dec 11 23:17:16 UTC 2007
On Tuesday 11 December 2007 9:31 pm, Rich Megginson wrote:
[big time snip]
> The supplier will by default attempt to send updates immediately. If
> the consumer goes down, the supplier will keep trying to reach it, using
> an exponential backoff strategy, until it attempts to contact the
> consumer every 5 minutes. So at most you should only have to wait 5
> minutes after the consumer comes back online.
Ahhh good to know, I'm pretty impatient and wanted the updates now.
>
> The referrals are automatically set to go to all of the masters, but
> there is no guaranteed order. So there is no guarantee of which master
> the client will be referred to, only that it will be referred to one of
> the masters.
Well I used my script to setup a MMR agreement between 2 servers. Then a consumer read only agreement on those 2 servers to a third server. Replication is working over all the servers. With one really odd quirk. When I open up the console, goto the configuration tab -> Replication -> userRoot. Then I click on one of the rep agreements I get an insufficient permissions error (I'm logging in as cn=Directory Manager).
I click ok, get prompted for a username and password (cn=Directory Manager is already in the username box). I just click cancel and it lets me continue to view/edit/delete the rep agreement.
I restarted the server, same issue.
There aren't any err= messages in the access log and the error log doesn't have any info about the message either.
Here is the rep agreement straight from the dse.ldif file
dn: cn=Replication to xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=,dc=ec,dc=gc,
dc=ca",cn=mapping tree,cn=config
objectClass: top
objectClass: nsDS5ReplicationAgreement
cn: Replication to xxxldap1.isb.ec.gc.ca
nsDS5ReplicaHost: xxxldap1.xxx.ec.gc.ca
nsDS5ReplicaRoot: dc=xxx,dc=ec,dc=gc,dc=ca
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: uid=RManager,cn=config
nsDS5ReplicaBindMethod: simple
nsDS5ReplicaUpdateSchedule: 0000-2359 0123456
nsds5replicaTimeout: 120
nsDS5ReplicaCredentials: {DES}S7ig2LTq5lWO65tutWo4JQ==
creatorsName: cn=directory manager
modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=config
createTimestamp: 20071211223651Z
modifyTimestamp: 20071211230605Z
nsds50ruv: {replicageneration} 475f0e11000000030000
nsds50ruv: {replica 1 ldap://xxxldap1.xxx.ec.gc.ca:389} 475f11c3000000010000 4
75f11c3000000010000
nsds50ruv: {replica 3 ldap://infinity.xxx.ec.gc.ca:389} 475f11a6000000030000 4
75f151a000000030000
nsruvReplicaLastModified: {replica 1 ldap://xxxldap1.xxx.ec.gc.ca:389} 0000000
0
nsruvReplicaLastModified: {replica 3 ldap://infinity.xxx.ec.gc.ca:389} 0000000
0
Ryan Braun
Informatics Operations
Aviation and Defence Services Division
Chief Information Officer Branch, Environment Canada
CIV: (204) 833-2500x2824 CSN: 257-2824 FAX: (204) 833-2524
E-Mail: Ryan.Braun at ec.gc.ca
More information about the Fedora-directory-users
mailing list