[Freeipa-users] Command-line replication is not works in FreeIPA-Master

Andrey Rogovsky a.rogovsky at gmail.com
Wed Aug 31 15:50:27 UTC 2016


Hi!
Thank you for the fast reply.
Yes, I want to use a standalone 389DS to replicate from FreeIPA.
Here is my replica:
filter: (objectclass=nsds5replica)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: (objectclass=nsds5replica)
# requesting: ALL
#

# replica, dc\3Dexample\2Cdc\3Dcom, mapping tree, config
dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: top
objectClass: nsds5replica
objectClass: extensibleObject
cn: replica
nsDS5ReplicaRoot: dc=example,dc=com
nsDS5ReplicaId: 7
nsDS5ReplicaType: 3
nsDS5Flags: 1
nsds5ReplicaPurgeDelay: 604800
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsState:: BwAAAAAAAABZ98ZXAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAA==
nsDS5ReplicaName: 496dba82-6f7a11e6-9d5ba359-5196ffe4
nsds5ReplicaChangeCount: 22
nsds5replicareapactive: 0

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

So, my replica has the entry "cn=replication manager"

But I tried to add the entry in the agreement. Unfortunately this did not help; the error is
still present:
[root@ldap1 ~]# ldapmodify  -v -h ldap1.example.com -p 389 -D "cn=directory manager" -w ...
ldap_initialize( ldap://ldap1.example.com:389 )
dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
tree,cn=config
changetype: modify
replace: nsds5ReplicaBindDN
nsds5ReplicaBindDN: cn=replication manager,cn=config
replace nsds5ReplicaBindDN:
        cn=replication manager,cn=config
modifying entry
"cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
tree,cn=config"
modify complete

[root@ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
[31/Aug/2016:11:11:09 +0000] schema-compat-plugin - schema-compat-plugin
tree scan will start in about 5 seconds!
[31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on All Interfaces
port 389 for LDAP requests
[31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636 for
LDAPS requests
[31/Aug/2016:11:11:09 +0000] - Listening on
/var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
[31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no entries set
up under ou=sudoers,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries set
up under cn=ng, cn=compat,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries set
up under cn=computers, cn=compat,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin
initialization.
[31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind id
[cn=replication manager] authentication mechanism [SIMPLE]: error 32 (No
such object) errno 0 (Success)
[31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth
failed: LDAP error 32 (No such object) ()
^C
[root@ldap1 ~]# ldapmodify  -v -h ldap1.example.com -p 389 -D "cn=directory manager" -w ...
ldap_initialize( ldap://ldap1.example.com:389 )
dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
tree,cn=config
changetype: modify
replace: nsds5beginreplicarefresh
nsds5beginreplicarefresh: start
replace nsds5beginreplicarefresh:
        start
modifying entry
"cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
tree,cn=config"
modify complete

[root@ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
[31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on All Interfaces
port 389 for LDAP requests
[31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636 for
LDAPS requests
[31/Aug/2016:11:11:09 +0000] - Listening on
/var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
[31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no entries set
up under ou=sudoers,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries set
up under cn=ng, cn=compat,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries set
up under cn=computers, cn=compat,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin
initialization.
[31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind id
[cn=replication manager] authentication mechanism [SIMPLE]: error 32 (No
such object) errno 0 (Success)
[31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth
failed: LDAP error 32 (No such object) ()
[31/Aug/2016:15:48:36 +0000] slapi_ldap_bind - Error: could not bind id
[cn=replication manager,cn=config] authentication mechanism [SIMPLE]: error
32 (No such object) errno 0 (Success)
^C
[root@ldap1 ~]#


2016-08-31 18:15 GMT+03:00 Mark Reynolds <mareynol at redhat.com>:

>
>
> On 08/31/2016 09:50 AM, Andrey Rogovsky wrote:
>
> Hi!
>
> I am trying to configure a manual replica from FreeIPA DS to 389 DS.
> I have two VMs: ldap1.example.com and ldap2.example.com
> I used this manual to configure the replica:
> https://www.centos.org/docs/5/html/CDS/ag/8.0/Managing_Replication-Configuring-Replication-cmd.html
>
> This was the replica agreement before starting:
>
> # extended LDIF
> #
> # LDAPv3
> # base <cn=config> with scope subtree
> # filter: (objectclass=nsds5ReplicationAgreement)
> # requesting: ALL
> #
>
> # ExampleAgreement, replica, dc\3Dexample\2Cdc\3Dcom, mapping tree, config
> dn: cn=ExampleAgreement,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping
> tree,
>  cn=config
> objectClass: top
> objectClass: nsds5replicationagreement
> cn: ExampleAgreement
> nsDS5ReplicaHost: ldap2
> nsDS5ReplicaPort: 389
> nsDS5ReplicaBindDN: cn=replication manager
> nsDS5ReplicaBindMethod: SIMPLE
> nsDS5ReplicaRoot: dc=example,dc=com
> description: agreement between supplier1 and consumer1
> nsDS5ReplicaUpdateSchedule: 0000-0500 1
> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE
> authorityRevocationLis
>  t
> nsDS5ReplicaCredentials: {AES-TUhNR0NTcUdTSWIzRFFFRkRUQm1NRV
> VHQ1NxR1NJYjNEUUVG
>  RERBNEJDUmxPVFl4TlRsbU5DMWtaV0UyTXpZeA0KTVMxaU1UYzFaREF3Wmkw
> ek5qRmxNalkxWkFBQ
>  0FRSUNBU0F3Q2dZSUtvWklodmNOQWdjd0hRWUpZSVpJQVdVRA0KQkFFcUJCQ
> UVJckpINmE0S3RFYl
>  NhLzkxL01qZg==}Wo+c0XfBnaDhg/a36yguXg==
> nsds5replicareapactive: 0
> nsds5replicaLastUpdateStart: 19700101000000Z
> nsds5replicaLastUpdateEnd: 19700101000000Z
> nsds5replicaChangesSentSinceStartup:
> nsds5replicaLastUpdateStatus: 0 No replication sessions started since
> server s
>  tartup
> nsds5replicaUpdateInProgress: FALSE
> nsds5replicaLastInitStart: 19700101000000Z
> nsds5replicaLastInitEnd: 19700101000000Z
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries:
>
>
> Here are the errors I get when I start the replica:
>
>
> [root@ldap1 ~]# ldapmodify  -v -h ldap1.example.com -p 389 -D "cn=directory manager" -w ...
> ldap_initialize( ldap://ldap1.example.com:389 )
> dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config
> changetype: modify
> replace: nsds5beginreplicarefresh
> nsds5beginreplicarefresh: start
> replace nsds5beginreplicarefresh:
>         start
> modifying entry "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config"
> modify complete
>
> [root@ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
> [31/Aug/2016:11:11:09 +0000] schema-compat-plugin - schema-compat-plugin
> tree scan will start in about 5 seconds!
> [31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on All Interfaces
> port 389 for LDAP requests
> [31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636 for
> LDAPS requests
> [31/Aug/2016:11:11:09 +0000] - Listening on /var/run/slapd-EXAMPLE-COM.socket
> for LDAPI requests
> [31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no entries
> set up under ou=sudoers,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries
> set up under cn=ng, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries
> set up under cn=computers, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin
> initialization.
> [31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind id
> [cn=replication manager] authentication mechanism [SIMPLE]: error 32 (No
> such object) errno 0 (Success)
> [31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
> agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth
> failed: LDAP error 32 (No such object) ()
> ^C
>
> I'm assuming this is just a standalone 389 Directory Server you are trying
> to replicate to (not a FreeIPA installation).  If it is a FreeIPA
> installation, then you should use the FreeIPA CLI for setting up
> replication.
>
> The error 32 (no such object) you are getting is because the replica does
> not have an entry "cn=replication manager".  Looking at the replication
> agreement:
>
> nsDS5ReplicaBindDN: cn=replication manager
>
> This is not a valid DN as there is no base suffix:  For example, I would
> expect to see something like "cn=replication manager,cn=config"
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html
>
> Regards,
> Mark
>
>
> Please help me fix this
>
>
>
>
>
>
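
Added example, not part of the thread and not 389 DS code: a Python script that unfolds a wrapped errors log like the ones pasted above and lists each failed replication bind with its bind DN, mechanism and LDAP result code, marking bind DNs that have no suffix as discussed in the reply. The sample log is constructed from lines in the thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, shaped like the wrapped errors-log lines in this thread.
SAMPLE_LOG = """\
[31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind id
[cn=replication manager] authentication mechanism [SIMPLE]: error 32 (No
such object) errno 0 (Success)
[31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth
failed: LDAP error 32 (No such object) ()
[31/Aug/2016:15:48:36 +0000] slapi_ldap_bind - Error: could not bind id
[cn=replication manager,cn=config] authentication mechanism [SIMPLE]: error
32 (No such object) errno 0 (Success)
"""

STAMP = re.compile(r"^\[\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}\] ")
BIND_FAIL = re.compile(
    r"^\[(?P<ts>[^\]]+)\] slapi_ldap_bind - Error: could not bind id "
    r"\[(?P<dn>[^\]]*)\] authentication mechanism \[(?P<mech>[^\]]+)\]: "
    r"error (?P<code>-?\d+) \((?P<text>[^)]*)\)"
)

def unfold(text):
    """Rejoin records that mail or terminal wrapping split over several lines."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def bind_failures(text):
    """Return one dict per failed outbound bind found in the log text."""
    out = []
    for rec in unfold(text):
        m = BIND_FAIL.match(rec)
        if m:
            d = m.groupdict()
            d["code"] = int(d["code"])
            # A single-RDN DN has no suffix such as cn=config (the point made in the reply).
            d["has_suffix"] = len(re.split(r"(?<!\\),", d["dn"])) > 1
            out.append(d)
    return out

def summarize(text):
    """Count failures per (bind DN, mechanism, LDAP result code)."""
    return Counter((f["dn"], f["mech"], f["code"]) for f in bind_failures(text))
```
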