[Freeipa-users] Command-line replication does not work in FreeIPA-Master

Alexander Bokovoy abokovoy at redhat.com
Thu Sep 1 07:01:26 UTC 2016


On Thu, 01 Sep 2016, Andrey Rogovsky wrote:
>Hi, Alexander!
>
>I have ldap1 - FreeIPA (master) and ldap2 - 389DS (slave)
>I want a one-way replica from ldap1 to ldap2
>On ldap1 I defined the DN of the replication user, the replica and the agreement
>On ldap2 I defined the replica only:
This is what you are doing wrong. Your ldap1 server will attempt to
connect to ldap2 server using the replication user credentials. It is
ldap2 which will be authenticating this request. Where would it take
information about the replication user?

>filter: (objectclass=nsds5replica)
>requesting: All userApplication attributes
># extended LDIF
>#
># LDAPv3
># base <cn=config> with scope subtree
># filter: (objectclass=nsds5replica)
># requesting: ALL
>#
>
># replica, dc\3Dexample\2Cdc\3Dcom, mapping tree, config
>dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
>objectClass: top
>objectClass: nsds5replica
>objectClass: extensibleObject
>cn: replica
>nsDS5ReplicaRoot: dc=example,dc=com
>nsDS5ReplicaType: 2
>nsDS5ReplicaBindDN: cn=replication manager,cn=config
>nsDS5Flags: 0
>nsDS5ReplicaId: 65535
>nsState:: //8AAAAAAABY2sZXAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAA==
>nsDS5ReplicaName: 06154b02-6f7e11e6-b236be05-3db8a3e8
>nsds5ReplicaChangeCount: 0
>nsds5replicareapactive: 0
>
># search result
>search: 2
>result: 0 Success
>
># numResponses: 2
># numEntries: 1
>
>Do I need to define the DN of the replication user on ldap2?
>
>
>2016-09-01 8:57 GMT+03:00 Alexander Bokovoy <abokovoy at redhat.com>:
>
>> On Thu, 01 Sep 2016, Andrey Rogovsky wrote:
>>
>>> Hi, Alexander!
>>>
>>> Thanks for the fast reply.
>>> I have replication manager object:
>>> filter: (objectclass=organizationalPerson)
>>> requesting: All userApplication attributes
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <cn=config> with scope subtree
>>> # filter: (objectclass=organizationalPerson)
>>> # requesting: ALL
>>> #
>>>
>>> # replication manager, config
>>> dn: cn=replication manager,cn=config
>>> objectClass: inetorgperson
>>> objectClass: person
>>> objectClass: top
>>> objectClass: organizationalPerson
>>> cn: replication manager
>>> sn: RM
>>> userPassword::
>>> e1NTSEF9d281RGZOTTlCSEVWTEhxY1lTcGs0WHdjRXplemU4S280S3EwWnc9PQ=
>>> =
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 2
>>> # numEntries: 1
>>>
>>> But the error is present.
>>>
>> You have two LDAP servers. If you have replication going in both
>> directions, you need to have the replication bind entry defined on both
>> servers.
>>
>> If you have replication going in one direction, then the target server
>> should have this replication bind entry defined.
>>
>> Where do you have this entry?
>>
>>
>>
>> --
>> / Alexander Bokovoy
>>

>-- 
>Manage your subscription for the Freeipa-users mailing list:
>https://www.redhat.com/mailman/listinfo/freeipa-users
>Go to http://freeipa.org for more info on the project


-- 
/ Alexander Bokovoy
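A small check that follows from the point made above: the consumer is the side that authenticates the supplier's replication bind, so the nsDS5ReplicaBindDN named in the consumer's replica entry must exist on the consumer. This is an added example, not code from the thread or from FreeIPA/389DS; the two LDIF exports are constructed in the shape of the ldapsearch output quoted above, and the check only sees entries contained in the export (bind DNs granted through a group, or living under the data suffix, are not covered).

```python
"""Added check (not from the thread): every nsDS5ReplicaBindDN in a server's
cn=config export must exist on that same server, since the consumer (ldap2)
is the side that authenticates the supplier's replication bind."""
import base64

def parse_ldif(text):
    """Minimal LDIF parser -> one {attr(lowercase): [values]} dict per entry;
    handles '::' base64 values, leading-space folding and '#' comments."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(' ') and lines:            # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + ['']:                        # '' flushes the last entry
        if line.startswith('#'):
            continue
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(':')
        if value.startswith(':'):                    # 'attr:: <base64>'
            value = base64.b64decode(value[1:].strip()).decode('utf-8', 'replace')
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def missing_bind_dns(ldif_text):
    """(replica dn, bind dn) pairs whose bind DN has no entry in the export,
    i.e. this server cannot authenticate that supplier's replication bind."""
    entries = parse_ldif(ldif_text)
    present = {e['dn'][0].lower() for e in entries if 'dn' in e}
    missing = []
    for e in entries:
        if 'nsds5replica' not in (oc.lower() for oc in e.get('objectclass', [])):
            continue
        for bind_dn in e.get('nsds5replicabinddn', []):
            if bind_dn.lower() not in present:
                missing.append((e['dn'][0], bind_dn))
    return missing

# Constructed samples: ldap2 has only the replica entry, ldap1 also the bind entry.
LDAP2_CONFIG = """\
dn: cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config
objectClass: nsds5replica
nsDS5ReplicaBindDN: cn=replication manager,cn=config
"""
LDAP1_CONFIG = LDAP2_CONFIG + ("\ndn: cn=replication manager,cn=config\n"
                               "objectClass: person\ncn: replication manager\nsn:: Uk0=\n")
```

Run `missing_bind_dns()` over `ldapsearch -b cn=config -LLL` output from the consumer; an empty list means every replica entry's bind DN resolves locally.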
