[Fedora-directory-users] Problems with multimaster replication configuration
Rocio Quirantes
rquirantes at cica.es
Wed Feb 18 10:56:17 UTC 2009
Hello, I'm trying to configure multimaster replication with two servers, and I get a permission error when the supplier tries to send the copie to the consumer. This is the error I get:
supplier: ldap1 -> NSMMReplicationPlugin - agmt="cn=ldap1" (ldap2:636):
Unable to acquire replica: permission denied. The bind dn
"cn=replication manager,cn=config" does not have permission to supply
replication updates to the replica. Will retry later.
consumer: ldap2 -> NSMMReplicationPlugin - conn=245 op=3
replica="dc=example,dc=es": Unable to acquire replica: error: permission
denied
The other wa:
supplier: ldap2 -> NSMMReplicationPlugin - agmt="cn=ldap2" (ldap1:636):
Unable to acquire replica: permission denied. The bind dn
"cn=replication manager,cn=config" does not have permission to supply
replication updates to the replica. Will retry later.
consumer: ldap1 -> NSMMReplicationPlugin - conn=32 op=3
replica="dc=example,dc=es": Unable to acquire replica: error: permission
denied
I have follow the configuration manual from red hat to configure the multimaster from:
http://www.redhat.com/docs/manuals/dir-server/ag/replicat.htm#74262
This is my configuration:
dn: cn=replication manager,cn=config
objectClass: person
objectClass: top
cn: replication manager
sn: RM
userPassword: {SSHA} XXX
passwordExpirationTime: 20380119031407Z
modifiersName:
uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
t
modifyTimestamp: 20090217141706Z
dn: cn=legacy consumer,cn=replication,cn=config
objectClass: top
objectClass: extensibleObject
cn: legacy consumer
nsslapd-legacy-updatedn: cn=replication manager,cn=config
creatorsName:
uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName:
uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
t
createTimestamp: 20090216083802Z
modifyTimestamp: 20090216100926Z
nsslapd-legacy-updatepw: {SHA} xxx
dn: cn=replica,cn="dc=example,dc=es",cn=mapping tree, cn=config
objectClass: nsDS5Replica
objectClass: top
nsDS5ReplicaRoot: dc=example,dc=es
nsDS5ReplicaType: 3
nsDS5Flags: 1
nsDS5ReplicaId: 1
nsds5ReplicaPurgeDelay: 604800
cn: replica
creatorsName:
uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=config
createTimestamp: 20090217095448Z
modifyTimestamp: 20090218092048Z
nsState:: AQAAANnSm0kAAAAAAAAAAAEAAAA=
nsDS5ReplicaName: 000df382-1dd211b2-a7f6fad4-efd80000
nsDS5ReplicaBindDN: cn=replication manager,cn=config
numSubordinates: 1
dn: cn=ldap1, cn=replica, cn="dc=example,dc=es", cn=mapping tree, cn=config
objectClass: top
objectClass: nsDS5ReplicationAgreement
description: Replicacion multimaster entre ldap1 y ldap2
cn: ldap1
nsDS5ReplicaRoot: dc=example,dc=es
nsDS5ReplicaHost: ldap2.example.es
nsDS5ReplicaPort: 636
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaCredentials: {DES} xxxx
creatorsName:
uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName:
uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
t
createTimestamp: 20090217100103Z
modifyTimestamp: 20090218103445Z
dn: cn=ldap2, cn=replica, cn="dc=example,dc=es", cn=mapping tree, cn=config
objectClass: top
objectClass: nsDS5ReplicationAgreement
description: Replicacion multimaster entre ldap2 y ldap1
cn: ldap1
nsDS5ReplicaRoot: dc=example,dc=es
nsDS5ReplicaHost: ldap1.example.es
nsDS5ReplicaPort: 636
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaCredentials: {DES} xxxx
creatorsName:
uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName:
uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
createTimestamp: 20090217100103Z
modifyTimestamp: 20090218103445Z
I can see where the error is, I hope you can help me
Thank you
--
Rocio Quirantes Rodal
Área de Seguridad Informática
Centro Informático Científico de Andalucía (CICA)
Avda. Reina Mercedes s/n - 41012 - Sevilla (Spain)
Tfno.: +34 955 056 648 / +34 955 056 600 / FAX: +34 955 056 650
Consejería de Innovación, Ciencia y Empresa
Junta de Andalucía
--------------------------------------------------
Este mensaje esta firmado digitalmente. Para poder
reconocer la firma desde su cliente debera tener
instalado el certificado raiz de la CA del CICA en
el mismo. Puede descargarlo desde:
http://pki.cica.es/cacert/
--------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3891 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20090218/da5d4b01/attachment.bin>
More information about the Fedora-directory-users
mailing list