[Freeipa-users] Command-line replication does not work in FreeIPA-Master

Andrey Rogovsky a.rogovsky at gmail.com
Wed Aug 31 13:50:02 UTC 2016


Hi!

I am trying to configure a manual replica from FreeIPA DS to 389 DS.
I have two VMs: ldap1.example.com and ldap2.example.com.
I used this manual
https://www.centos.org/docs/5/html/CDS/ag/8.0/Managing_Replication-Configuring-Replication-cmd.html
to configure the replica.

There was a replica agreement before starting:

# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: (objectclass=nsds5ReplicationAgreement)
# requesting: ALL
#

# ExampleAgreement, replica, dc\3Dexample\2Cdc\3Dcom, mapping tree, config
dn: cn=ExampleAgreement,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,
 cn=config
objectClass: top
objectClass: nsds5replicationagreement
cn: ExampleAgreement
nsDS5ReplicaHost: ldap2
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=replication manager
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaRoot: dc=example,dc=com
description: agreement between supplier1 and consumer1
nsDS5ReplicaUpdateSchedule: 0000-0500 1
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE authorityRevocationLis
 t
nsDS5ReplicaCredentials:
{AES-TUhNR0NTcUdTSWIzRFFFRkRUQm1NRVVHQ1NxR1NJYjNEUUVG
 RERBNEJDUmxPVFl4TlRsbU5DMWtaV0UyTXpZeA0KTVMxaU1UYzFaREF3Wmkwek5qRmxNalkxWkFBQ
 0FRSUNBU0F3Q2dZSUtvWklodmNOQWdjd0hRWUpZSVpJQVdVRA0KQkFFcUJCQUVJckpINmE0S3RFYl
 NhLzkxL01qZg==}Wo+c0XfBnaDhg/a36yguXg==
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 19700101000000Z
nsds5replicaLastUpdateEnd: 19700101000000Z
nsds5replicaChangesSentSinceStartup:
nsds5replicaLastUpdateStatus: 0 No replication sessions started since server s
 tartup
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 19700101000000Z
nsds5replicaLastInitEnd: 19700101000000Z

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries:


These are the errors I get when I start the replica:


[root@ldap1 ~]# ldapmodify  -v -h ldap1.example.com -p 389 -D "cn=directory manager" -w ...
ldap_initialize( ldap://ldap1.example.com:389 )
dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: modify
replace: nsds5beginreplicarefresh
nsds5beginreplicarefresh: start
replace nsds5beginreplicarefresh:
        start
modifying entry "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config"
modify complete

[root@ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
[31/Aug/2016:11:11:09 +0000] schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds!
[31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on All Interfaces port 389 for LDAP requests
[31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636 for LDAPS requests
[31/Aug/2016:11:11:09 +0000] - Listening on /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
[31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin initialization.
[31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind id [cn=replication manager] authentication mechanism [SIMPLE]: error 32 (No such object) errno 0 (Success)
[31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin - agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth failed: LDAP error 32 (No such object) ()
^C

Please help me fix this
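
Added example (not part of the original post, and not FreeIPA or 389 DS project code): a Python check that unfolds an agreement entry like the one above, correlates it with the errors log, and reports the failed replication bind together with whether the SIMPLE bind is configured without TLS. The LDIF and log text are constructed from the output quoted above; the function names are hypothetical, and treating a missing nsDS5ReplicaTransportInfo as plain LDAP is an assumption.

```python
import re

# Constructed sample input, modelled on the output quoted in the post.
AGREEMENT_LDIF = """\
dn: cn=ExampleAgreement,cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,
 cn=config
cn: ExampleAgreement
nsDS5ReplicaHost: ldap2
nsDS5ReplicaBindDN: cn=replication manager
nsDS5ReplicaBindMethod: SIMPLE
"""
ERRORS_LOG = (
    '[31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin - '
    'agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE '
    'auth failed: LDAP error 32 (No such object) ()\n'
)
BIND_FAIL = re.compile(
    r'agmt="cn=(?P<agmt>[^"]+)" \((?P<host>[^:]+):\d+\): Replication bind '
    r'with \S+ auth failed: LDAP error (?P<code>\d+) \((?P<text>[^)]*)\)'
)

def parse_ldif_entry(text):
    """Unfold LDIF continuation lines (leading space); map attr -> values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation of the previous line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def first(entry, attr, default=""):
    return entry.get(attr.lower(), [default])[0]

def review(ldif, log):
    """Return findings for one agreement entry and an errors-log excerpt."""
    agmt, findings = parse_ldif_entry(ldif), []
    # Assumption: no nsDS5ReplicaTransportInfo means plain LDAP (no TLS).
    transport = first(agmt, "nsDS5ReplicaTransportInfo", "LDAP").upper()
    if first(agmt, "nsDS5ReplicaBindMethod").upper() == "SIMPLE" and transport == "LDAP":
        findings.append("simple-bind-without-tls")
    for m in BIND_FAIL.finditer(log):
        if m["agmt"] == first(agmt, "cn") and m["host"] == first(agmt, "nsDS5ReplicaHost"):
            findings.append(f"bind-failed:{m['code']}:{first(agmt, 'nsDS5ReplicaBindDN')}")
    return findings
```
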