[Fedora-directory-users] Can't locate CSN in Multi-Master replica

Richard Megginson rmeggins at redhat.com
Wed Oct 31 16:43:02 UTC 2007 

Dael Maselli wrote:
> I'm working with the java management console.
>
> I created replication manager users as:
> dn: cn=A.infn.it,cn=config
> cn: A.infn.it
> description: CN=A.infn.it,L=Lecce,OU=Host,O=INFN,C=IT
> objectClass: top
> objectClass: nshost
>
> dn: cn=B.infn.it,cn=config
> cn: B.infn.it
> description: CN=B.infn.it,L=Lecce,OU=Host,O=INFN,C=IT
> objectClass: top
> objectClass: nshost
>
> in my shared/config/certmap.conf i have:
> certmap default         default
> default:CmapLdapAttr    description
>
> I tried SSL auth and it works as I can see in the logs:
> [29/Oct/2007:14:53:40 +0100] conn=2 SSL 256-bit AES; client 
> CN=A.infn.it,L=Lecce,OU=Host,O=INFN,C=IT; issuer CN=INFN CA,O=INFN,C=IT
> [29/Oct/2007:14:53:40 +0100] conn=2 SSL client bound as 
> cn=A.infn.it,cn=config
>
> The changelogs are created with management console, enabling the 
> checkbox in the
> Replication node of the configuration tab, selecting the default 
> location.
>
> Then, under database in the replication node i checked enable replica, 
> and
> Multiple Master, replication id 1 for A and 2 for B, and in the 
> supplier DN
> I wrote cn=A.infn.it,cn=config in B and cn=B.infn.it,cn=config in A.
>
> Then, right click on database name under Replication, "New Replication 
> Agreement",
> selecting B node on A with port 636 and checked "Using Encrypted SSL 
> connection" and
> "SSL Client Authentication". Here I had a problem! There was a pop-up 
> that told me
> it can't connect to the other fds server, but I thought it was a bug, 
> because I checked
> with tcpdump and saw no packet sent (I can see it with simple auth). 
> So I clicked to
> continue and all seems to work well, even the initialization done from 
> A to B, I didn't
> do it when I created the Agreement from B to A in the same way.
You don't need to initialize from B to A if you already did the 
initialize from A to B.

When you did the tcpdump, did you look at traffic on port 389 too, or 
just 636?
>
> I followed the manual at 
> http://www.redhat.com/docs/manuals/dir-server/ag/replicat.htm#66943
>
> I hope I was clear, sorry for my macaronic english ;-)
>
> Thank you so much.
>
>
> Richard Megginson wrote:
>>
>> Can you describe the exact steps you took e.g.
>> configured and created changelogs on A and B
>> created replication manager user on A and B
>> configured A to be a multi master replica
>> configured B to be a multi master replica
>> created replication agreement from A to B
>> created replication agreement from B to A
>> Did replica init from A to B
>>
>> Note that you should not do a replica init from B to A if you already 
>> did one from A to B
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20071031/bd03cf75/attachment.bin>

More information about the Fedora-directory-users mailing list