<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 08/31/2016 09:50 AM, Andrey Rogovsky
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAM+V3zJVyPyV-+atTttq9MVUvZWwPhRUKAEYriFYvrMAbE=4_Q@mail.gmail.com"
      type="cite">
      <div dir="ltr">Hi!
        <div><br>
        </div>
        <div>I am trying to configure a manual replica from FreeIPA DS to 389 DS.</div>
        <div>I have two VMs: <a moz-do-not-send="true"
            href="http://ldap1.example.com">ldap1.example.com</a> and <a
            moz-do-not-send="true" href="http://ldap2.example.com">ldap2.example.com</a></div>
        <div>I used this manual <a moz-do-not-send="true"
href="https://www.centos.org/docs/5/html/CDS/ag/8.0/Managing_Replication-Configuring-Replication-cmd.html">https://www.centos.org/docs/5/html/CDS/ag/8.0/Managing_Replication-Configuring-Replication-cmd.html</a>
          to configure the replica</div>
        <div><br>
        </div>
        <div>There was a replica agreement before starting:</div>
        <div><br>
        </div>
        <div>
          <div># extended LDIF</div>
          <div>#</div>
          <div># LDAPv3</div>
          <div># base &lt;cn=config&gt; with scope subtree</div>
          <div># filter: (objectclass=nsds5ReplicationAgreement)</div>
          <div># requesting: ALL</div>
          <div>#</div>
          <div><br>
          </div>
          <div># ExampleAgreement, replica, dc\3Dexample\2Cdc\3Dcom,
            mapping tree, config</div>
          <div>dn:
            cn=ExampleAgreement,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping
            tree,</div>
          <div> cn=config</div>
          <div>objectClass: top</div>
          <div>objectClass: nsds5replicationagreement</div>
          <div>cn: ExampleAgreement</div>
          <div>nsDS5ReplicaHost: ldap2</div>
          <div>nsDS5ReplicaPort: 389</div>
          <div>nsDS5ReplicaBindDN: cn=replication manager</div>
          <div>nsDS5ReplicaBindMethod: SIMPLE</div>
          <div>nsDS5ReplicaRoot: dc=example,dc=com</div>
          <div>description: agreement between supplier1 and consumer1</div>
          <div>nsDS5ReplicaUpdateSchedule: 0000-0500 1</div>
          <div>nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE
            authorityRevocationLis</div>
          <div> t</div>
          <div>nsDS5ReplicaCredentials:
            {AES-TUhNR0NTcUdTSWIzRFFFRkRUQm1NRVVHQ1NxR1NJYjNEUUVG</div>
          <div> RERBNEJDUmxPVFl4TlRsbU5DMWtaV0UyTXpZeA0KTVMxaU1UYzFaREF3Wmkwek5qRmxNalkxWkFBQ</div>
          <div> 0FRSUNBU0F3Q2dZSUtvWklodmNOQWdjd0hRWUpZSVpJQVdVRA0KQkFFcUJCQUVJckpINmE0S3RFYl</div>
          <div> NhLzkxL01qZg==}Wo+c0XfBnaDhg/a36yguXg==</div>
          <div>nsds5replicareapactive: 0</div>
          <div>nsds5replicaLastUpdateStart: 19700101000000Z</div>
          <div>nsds5replicaLastUpdateEnd: 19700101000000Z</div>
          <div>nsds5replicaChangesSentSinceStartup:</div>
          <div>nsds5replicaLastUpdateStatus: 0 No replication sessions
            started since server s</div>
          <div> tartup</div>
          <div>nsds5replicaUpdateInProgress: FALSE</div>
          <div>nsds5replicaLastInitStart: 19700101000000Z</div>
          <div>nsds5replicaLastInitEnd: 19700101000000Z</div>
          <div><br>
          </div>
          <div># search result</div>
          <div>search: 2</div>
          <div>result: 0 Success</div>
          <div><br>
          </div>
          <div># numResponses: 2</div>
          <div># numEntries: </div>
        </div>
        <div><br>
        </div>
        <div><br>
        </div>
        <div>These are the errors I get when I start the replica:</div>
        <div><br>
        </div>
        <div><br>
        </div>
        <div>
          <div>[root@ldap1 ~]# ldapmodify  -v -h ldap1.example.com
            -p 389 -D "cn=directory manager" -w ...</div>
          <div>ldap_initialize( ldap://ldap1.example.com:389
            )</div>
          <div>dn:
            cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
            tree,cn=config</div>
          <div>changetype: modify</div>
          <div>replace: nsds5beginreplicarefresh</div>
          <div>nsds5beginreplicarefresh: start</div>
          <div>replace nsds5beginreplicarefresh:</div>
          <div>        start</div>
          <div>modifying entry
            "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
            tree,cn=config"</div>
          <div>modify complete</div>
          <div><br>
          </div>
          <div>[root@ldap1 ~]# tail -f
            /var/log/dirsrv/slapd-EXAMPLE-COM/errors</div>
          <div>[31/Aug/2016:11:11:09 +0000] schema-compat-plugin -
            schema-compat-plugin tree scan will start in about 5
            seconds!</div>
          <div>[31/Aug/2016:11:11:09 +0000] - slapd started.  Listening
            on All Interfaces port 389 for LDAP requests</div>
          <div>[31/Aug/2016:11:11:09 +0000] - Listening on All
            Interfaces port 636 for LDAPS requests</div>
          <div>[31/Aug/2016:11:11:09 +0000] - Listening on
            /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests</div>
          <div>[31/Aug/2016:11:11:13 +0000] schema-compat-plugin -
            warning: no entries set up under
            ou=sudoers,dc=example,dc=com</div>
          <div>[31/Aug/2016:11:11:14 +0000] schema-compat-plugin -
            warning: no entries set up under cn=ng,
            cn=compat,dc=example,dc=com</div>
          <div>[31/Aug/2016:11:11:14 +0000] schema-compat-plugin -
            warning: no entries set up under cn=computers,
            cn=compat,dc=example,dc=com</div>
          <div>[31/Aug/2016:11:11:14 +0000] schema-compat-plugin -
            Finished plugin initialization.</div>
          <div>[31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error:
            could not bind id [cn=replication manager] authentication
            mechanism [SIMPLE]: error 32 (No such object) errno 0
            (Success)</div>
          <div>[31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
            agmt="cn=ExampleAgreement" (ldap2:389): Replication bind
            with SIMPLE auth failed: LDAP error 32 (No such object) ()</div>
          <div>^C</div>
        </div>
      </div>
    </blockquote>
    I'm assuming this is just a standalone 389 Directory Server you are
    trying to replicate to (not a FreeIPA installation).  If it is a
    FreeIPA installation, then you should use the FreeIPA CLI for
    setting up replication.<br>
    <br>
    The error 32 (no such object) you are getting is because the replica
    does not have an entry "cn=replication manager".  Looking at the
    replication agreement:<br>
    <br>
    nsDS5ReplicaBindDN: cn=replication manager<br>
    <br>
    This is not a valid DN as there is no base suffix.  For example, I
    would expect to see something like "cn=replication
    manager,cn=config"<br>
    <br>
<a class="moz-txt-link-freetext" href="https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html">https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html</a><br>
    <br>
    Regards,<br>
    Mark<br>
    <blockquote
cite="mid:CAM+V3zJVyPyV-+atTttq9MVUvZWwPhRUKAEYriFYvrMAbE=4_Q@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div><br>
        </div>
        <div>Please help me fix this</div>
      </div>
    </blockquote>
    <br>
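    <p>Added example, not part of either message in this thread: a small
    Python check that unfolds an agreement printed by ldapsearch and flags
    the bind DN problem diagnosed above. It goes one step beyond the thread
    by also flagging a SIMPLE bind with no TLS transport, since the posted
    agreement uses SIMPLE on port 389. The sample LDIF is constructed from
    the posted entry, and the function names and finding codes are
    hypothetical.</p>

```python
import re

# Constructed sample: the agreement from the thread, trimmed to the relevant
# attributes and folded the way ldapsearch prints long lines.
SAMPLE_LDIF = r"""dn: cn=ExampleAgreement,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,
 cn=config
objectClass: nsds5replicationagreement
nsDS5ReplicaHost: ldap2
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=replication manager
nsDS5ReplicaBindMethod: SIMPLE
"""

def parse_entry(ldif):
    """Unfold LDIF continuation lines and return {lowercased attr: [values]}."""
    unfolded = re.sub(r"\n ", "", ldif)   # newline + one space marks a fold
    entry = {}
    for line in unfolded.splitlines():
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        entry.setdefault(key.strip().lower(), []).append(value.strip())
    return entry

def check_agreement(entry):
    """Return (code, message) findings for one replication agreement."""
    findings = []
    bind_dn = entry.get("nsds5replicabinddn", [""])[0]
    # An absent bind method or transport is treated as SIMPLE / plain LDAP.
    method = entry.get("nsds5replicabindmethod", ["SIMPLE"])[0].upper()
    transport = entry.get("nsds5replicatransportinfo", ["LDAP"])[0].upper()
    # Count RDNs, ignoring commas escaped inside a value.
    rdns = [r for r in bind_dn.replace("\\,", "").split(",") if r.strip()]
    if method == "SIMPLE" and len(rdns) == 1:
        findings.append(("BIND_DN_NO_SUFFIX",
            f"'{bind_dn}' has no suffix; the consumer will answer error 32. "
            f"Expected a full DN such as '{bind_dn},cn=config'."))
    if method == "SIMPLE" and transport == "LDAP":
        findings.append(("CLEARTEXT_BIND",
            "SIMPLE bind without TLS sends the replication password in clear."))
    return findings

if __name__ == "__main__":
    for code, message in check_agreement(parse_entry(SAMPLE_LDIF)):
        print(f"{code}: {message}")
```
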
  </body>
</html>