<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi Andrey,</p>
<p>It looks like you still did not create the replication manager
entry. You must create that manager entry on the standalone
server. Please read the link I sent you:</p>
<p><a moz-do-not-send="true"
href="https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html"
target="_blank">https://access.redhat.com/<wbr>documentation/en-US/Red_Hat_<wbr>Directory_Server/10/html/<wbr>Administration_Guide/Creating_<wbr>the_Supplier_Bind_DN_Entry.<wbr>html</a></p>
<p>You can verify its existence by doing this search against the
standalone server:</p>
<p>ldapsearch -h <a moz-do-not-send="true"
href="http://ldap1.example.com">ldap1.example.com</a> -p 389
-xLLL -D "cn=directory manager" -W -b cn=config "cn=replication
manager"<br>
</p>
<p>Mark<br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 08/31/2016 11:50 AM, Andrey Rogovsky
wrote:<br>
</div>
<blockquote
cite="mid:CAM+V3zKPACcMY1whmFg0PTgRBut=hyAQw3FbfULbbxpdAYz+nQ@mail.gmail.com"
type="cite">
<div dir="ltr">Hi!
<div>Thank you for fast reply.</div>
<div>Yes, I want use standalone 389DS to replica from FreeIPA.</div>
<div>There is my replica:</div>
<div>
<div>filter: (objectclass=nsds5replica)</div>
<div>requesting: All userApplication attributes</div>
<div># extended LDIF</div>
<div>#</div>
<div># LDAPv3</div>
<div># base <cn=config> with scope subtree</div>
<div># filter: (objectclass=nsds5replica)</div>
<div># requesting: ALL</div>
<div>#</div>
<div><br>
</div>
<div># replica, dc\3Dexample\2Cdc\3Dcom, mapping tree, config</div>
<div>dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping
tree,cn=config</div>
<div>objectClass: top</div>
<div>objectClass: nsds5replica</div>
<div>objectClass: extensibleObject</div>
<div>cn: replica</div>
<div>nsDS5ReplicaRoot: dc=example,dc=com</div>
<div>nsDS5ReplicaId: 7</div>
<div>nsDS5ReplicaType: 3</div>
<div>nsDS5Flags: 1</div>
<div>nsds5ReplicaPurgeDelay: 604800</div>
<div>nsDS5ReplicaBindDN: cn=replication manager,cn=config</div>
<div>nsState::
BwAAAAAAAABZ98ZXAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAA==</div>
<div>nsDS5ReplicaName: 496dba82-6f7a11e6-9d5ba359-5196ffe4</div>
<div>nsds5ReplicaChangeCount: 22</div>
<div>nsds5replicareapactive: 0</div>
<div><br>
</div>
<div># search result</div>
<div>search: 2</div>
<div>result: 0 Success</div>
<div><br>
</div>
<div># numResponses: 2</div>
<div># numEntries: 1</div>
</div>
<div><br>
</div>
<div>So, my replica have entry "cn=replication manager"<br>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">But I try add entry in agreement.
Unforthunalty this is not help, error is present:</div>
<div class="gmail_extra">
<div class="gmail_extra">[root@ldap1 ~]# ldapmodify -v -h <a
moz-do-not-send="true" href="http://ldap1.example.com">ldap1.example.com</a>
-p 389 -D "cn=directory manager" -w ...</div>
<div class="gmail_extra">ldap_initialize( <a class="moz-txt-link-freetext" href="ldap://">ldap://</a><a
moz-do-not-send="true"
href="http://ldap1.example.com:389">ldap1.example.com:389</a>
)</div>
<div class="gmail_extra">dn:
cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
tree,cn=config</div>
<div class="gmail_extra">changetype: modify</div>
<div class="gmail_extra">replace: nsds5ReplicaBindDN</div>
<div class="gmail_extra">nsds5ReplicaBindDN: cn=replication
manager,cn=config</div>
<div class="gmail_extra">replace nsds5ReplicaBindDN:</div>
<div class="gmail_extra"> cn=replication
manager,cn=config</div>
<div class="gmail_extra">modifying entry
"cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
tree,cn=config"</div>
<div class="gmail_extra">modify complete</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">[root@ldap1 ~]# tail -f
/var/log/dirsrv/slapd-EXAMPLE-COM/errors</div>
<div class="gmail_extra">[31/Aug/2016:11:11:09 +0000]
schema-compat-plugin - schema-compat-plugin tree scan will
start in about 5 seconds!</div>
<div class="gmail_extra">[31/Aug/2016:11:11:09 +0000] -
slapd started. Listening on All Interfaces port 389 for
LDAP requests</div>
<div class="gmail_extra">[31/Aug/2016:11:11:09 +0000] -
Listening on All Interfaces port 636 for LDAPS requests</div>
<div class="gmail_extra">[31/Aug/2016:11:11:09 +0000] -
Listening on /var/run/slapd-EXAMPLE-COM.socket for LDAPI
requests</div>
<div class="gmail_extra">[31/Aug/2016:11:11:13 +0000]
schema-compat-plugin - warning: no entries set up under
ou=sudoers,dc=example,dc=com</div>
<div class="gmail_extra">[31/Aug/2016:11:11:14 +0000]
schema-compat-plugin - warning: no entries set up under
cn=ng, cn=compat,dc=example,dc=com</div>
<div class="gmail_extra">[31/Aug/2016:11:11:14 +0000]
schema-compat-plugin - warning: no entries set up under
cn=computers, cn=compat,dc=example,dc=com</div>
<div class="gmail_extra">[31/Aug/2016:11:11:14 +0000]
schema-compat-plugin - Finished plugin initialization.</div>
<div class="gmail_extra">[31/Aug/2016:13:38:01 +0000]
slapi_ldap_bind - Error: could not bind id [cn=replication
manager] authentication mechanism [SIMPLE]: error 32 (No
such object) errno 0 (Success)</div>
<div class="gmail_extra">[31/Aug/2016:13:38:01 +0000]
NSMMReplicationPlugin - agmt="cn=ExampleAgreement"
(ldap2:389): Replication bind with SIMPLE auth failed:
LDAP error 32 (No such object) ()</div>
<div class="gmail_extra">^C</div>
<div class="gmail_extra">[root@ldap1 ~]# ldapmodify -v -h <a
moz-do-not-send="true" href="http://ldap1.example.com">ldap1.example.com</a>
-p 389 -D "cn=directory manager" -w ...</div>
<div class="gmail_extra">ldap_initialize( <a class="moz-txt-link-freetext" href="ldap://">ldap://</a><a
moz-do-not-send="true"
href="http://ldap1.example.com:389">ldap1.example.com:389</a>
)</div>
<div class="gmail_extra">dn:
cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
tree,cn=config</div>
<div class="gmail_extra">changetype: modify</div>
<div class="gmail_extra">replace: nsds5beginreplicarefresh</div>
<div class="gmail_extra">nsds5beginreplicarefresh: start</div>
<div class="gmail_extra">replace nsds5beginreplicarefresh:</div>
<div class="gmail_extra"> start</div>
<div class="gmail_extra">modifying entry
"cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
tree,cn=config"</div>
<div class="gmail_extra">modify complete</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">[root@ldap1 ~]# tail -f
/var/log/dirsrv/slapd-EXAMPLE-COM/errors</div>
<div class="gmail_extra">[31/Aug/2016:11:11:09 +0000] -
slapd started. Listening on All Interfaces port 389 for
LDAP requests</div>
<div class="gmail_extra">[31/Aug/2016:11:11:09 +0000] -
Listening on All Interfaces port 636 for LDAPS requests</div>
<div class="gmail_extra">[31/Aug/2016:11:11:09 +0000] -
Listening on /var/run/slapd-EXAMPLE-COM.socket for LDAPI
requests</div>
<div class="gmail_extra">[31/Aug/2016:11:11:13 +0000]
schema-compat-plugin - warning: no entries set up under
ou=sudoers,dc=example,dc=com</div>
<div class="gmail_extra">[31/Aug/2016:11:11:14 +0000]
schema-compat-plugin - warning: no entries set up under
cn=ng, cn=compat,dc=example,dc=com</div>
<div class="gmail_extra">[31/Aug/2016:11:11:14 +0000]
schema-compat-plugin - warning: no entries set up under
cn=computers, cn=compat,dc=example,dc=com</div>
<div class="gmail_extra">[31/Aug/2016:11:11:14 +0000]
schema-compat-plugin - Finished plugin initialization.</div>
<div class="gmail_extra">[31/Aug/2016:13:38:01 +0000]
slapi_ldap_bind - Error: could not bind id [cn=replication
manager] authentication mechanism [SIMPLE]: error 32 (No
such object) errno 0 (Success)</div>
<div class="gmail_extra">[31/Aug/2016:13:38:01 +0000]
NSMMReplicationPlugin - agmt="cn=ExampleAgreement"
(ldap2:389): Replication bind with SIMPLE auth failed:
LDAP error 32 (No such object) ()</div>
<div class="gmail_extra">[31/Aug/2016:15:48:36 +0000]
slapi_ldap_bind - Error: could not bind id [cn=replication
manager,cn=config] authentication mechanism [SIMPLE]:
error 32 (No such object) errno 0 (Success)</div>
<div class="gmail_extra">^C</div>
<div class="gmail_extra">[root@ldap1 ~]# </div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2016-08-31 18:15 GMT+03:00 Mark
Reynolds <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:mareynol@redhat.com" target="_blank">mareynol@redhat.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<div>
<div class="gmail-h5">
<p><br>
</p>
<br>
<div>On 08/31/2016 09:50 AM, Andrey Rogovsky
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi!
<div><br>
</div>
<div>I try configure manual replica from
FreeIPA DS to 389 DS.</div>
<div>I have two VM: <a moz-do-not-send="true"
href="http://ldap1.example.com"
target="_blank">ldap1.example.com</a> and
<a moz-do-not-send="true"
href="http://ldap2.example.com"
target="_blank">ldap2.example.com</a></div>
<div>I was used this manual <a
moz-do-not-send="true"
href="https://www.centos.org/docs/5/html/CDS/ag/8.0/Managing_Replication-Configuring-Replication-cmd.html"
target="_blank">https://www.centos.org/<wbr>docs/5/html/CDS/ag/8.0/<wbr>Managing_Replication-<wbr>Configuring-Replication-cmd.<wbr>html</a>
for configure relica</div>
<div><br>
</div>
<div>There was replica agreement before
starting:</div>
<div><br>
</div>
<div>
<div># extended LDIF</div>
<div>#</div>
<div># LDAPv3</div>
<div># base <cn=config> with scope
subtree</div>
<div># filter: (objectclass=<wbr>nsds5ReplicationAgreement)</div>
<div># requesting: ALL</div>
<div>#</div>
<div><br>
</div>
<div># ExampleAgreement, replica,
dc\3Dexample\2Cdc\3Dcom, mapping tree,
config</div>
<div>dn: cn=ExampleAgreement,cn=<wbr>replica,cn=dc\3Dexample\2Cdc\<wbr>3Dcom,cn=mapping
tree,</div>
<div> cn=config</div>
<div>objectClass: top</div>
<div>objectClass: nsds5replicationagreement</div>
<div>cn: ExampleAgreement</div>
<div>nsDS5ReplicaHost: ldap2</div>
<div>nsDS5ReplicaPort: 389</div>
<div>nsDS5ReplicaBindDN: cn=replication
manager</div>
<div>nsDS5ReplicaBindMethod: SIMPLE</div>
<div>nsDS5ReplicaRoot: dc=example,dc=com</div>
<div>description: agreement between
supplier1 and consumer1</div>
<div>nsDS5ReplicaUpdateSchedule: 0000-0500 1</div>
<div>nsDS5ReplicatedAttributeList:
(objectclass=*) $ EXCLUDE
authorityRevocationLis</div>
<div> t</div>
<div>nsDS5ReplicaCredentials: {AES-<wbr>TUhNR0NTcUdTSWIzRFFFRkRUQm1NRV<wbr>VHQ1NxR1NJYjNEUUVG</div>
<div> <wbr>RERBNEJDUmxPVFl4TlRsbU5DMWtaV0<wbr>UyTXpZeA0KTVMxaU1UYzFaREF3Wmkw<wbr>ek5qRmxNalkxWkFBQ</div>
<div> <wbr>0FRSUNBU0F3Q2dZSUtvWklodmNOQWd<wbr>jd0hRWUpZSVpJQVdVRA0KQkFFcUJCQ<wbr>UVJckpINmE0S3RFYl</div>
<div> NhLzkxL01qZg==}Wo+c0XfBnaDhg/<wbr>a36yguXg==</div>
<div>nsds5replicareapactive: 0</div>
<div>nsds5replicaLastUpdateStart:
19700101000000Z</div>
<div>nsds5replicaLastUpdateEnd:
19700101000000Z</div>
<div>nsds5replicaChangesSentSinceSt<wbr>artup:</div>
<div>nsds5replicaLastUpdateStatus: 0 No
replication sessions started since server
s</div>
<div> tartup</div>
<div>nsds5replicaUpdateInProgress: FALSE</div>
<div>nsds5replicaLastInitStart:
19700101000000Z</div>
<div>nsds5replicaLastInitEnd:
19700101000000Z</div>
<div><br>
</div>
<div># search result</div>
<div>search: 2</div>
<div>result: 0 Success</div>
<div><br>
</div>
<div># numResponses: 2</div>
<div># numEntries: </div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>There is errors which I get when start
replica:</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div>[root@ldap1 ~]# ldapmodify -v -h <a
moz-do-not-send="true"
href="http://ldap1.example.com"
target="_blank">ldap1.example.com</a> -p
389 -D "cn=directory manager" -w ...</div>
<div>ldap_initialize( <a
moz-do-not-send="true">ldap://</a><a
moz-do-not-send="true"
href="http://ldap1.example.com:389"
target="_blank">ldap1.example.com:389</a>
)</div>
<div>dn: cn=ExampleAgreement,cn=<wbr>replica,cn="dc=example,dc=com"<wbr>,cn=mapping
tree,cn=config</div>
<div>changetype: modify</div>
<div>replace: nsds5beginreplicarefresh</div>
<div>nsds5beginreplicarefresh: start</div>
<div>replace nsds5beginreplicarefresh:</div>
<div> start</div>
<div>modifying entry
"cn=ExampleAgreement,cn=<wbr>replica,cn="dc=example,dc=com"<wbr>,cn=mapping
tree,cn=config"</div>
<div>modify complete</div>
<div><br>
</div>
<div>[root@ldap1 ~]# tail -f
/var/log/dirsrv/slapd-EXAMPLE-<wbr>COM/errors</div>
<div>[31/Aug/2016:11:11:09 +0000]
schema-compat-plugin -
schema-compat-plugin tree scan will start
in about 5 seconds!</div>
<div>[31/Aug/2016:11:11:09 +0000] - slapd
started. Listening on All Interfaces port
389 for LDAP requests</div>
<div>[31/Aug/2016:11:11:09 +0000] -
Listening on All Interfaces port 636 for
LDAPS requests</div>
<div>[31/Aug/2016:11:11:09 +0000] -
Listening on /var/run/slapd-EXAMPLE-COM.<wbr>socket
for LDAPI requests</div>
<div>[31/Aug/2016:11:11:13 +0000]
schema-compat-plugin - warning: no entries
set up under ou=sudoers,dc=example,dc=com</div>
<div>[31/Aug/2016:11:11:14 +0000]
schema-compat-plugin - warning: no entries
set up under cn=ng,
cn=compat,dc=example,dc=com</div>
<div>[31/Aug/2016:11:11:14 +0000]
schema-compat-plugin - warning: no entries
set up under cn=computers,
cn=compat,dc=example,dc=com</div>
<div>[31/Aug/2016:11:11:14 +0000]
schema-compat-plugin - Finished plugin
initialization.</div>
<div>[31/Aug/2016:13:38:01 +0000]
slapi_ldap_bind - Error: could not bind id
[cn=replication manager] authentication
mechanism [SIMPLE]: error 32 (No such
object) errno 0 (Success)</div>
<div>[31/Aug/2016:13:38:01 +0000]
NSMMReplicationPlugin -
agmt="cn=ExampleAgreement" (ldap2:389):
Replication bind with SIMPLE auth failed:
LDAP error 32 (No such object) ()</div>
<div>^C</div>
</div>
</div>
</blockquote>
</div>
</div>
I'm assuming this is just a standalone 389 Directory
Server you are trying to replicate to(not a freeIPA
installation). If it is a freeipa installation, then
you should use the freeipa CLI for setting up
replication.<br>
<br>
The error 32 (no such object) you are getting is
because the replica does not have an entry
"cn=replication manager". Looking at the replication
agreement:<br>
<br>
nsDS5ReplicaBindDN: cn=replication manager<br>
<br>
This is not a valid DN as there is no base suffix:
For example, I would expect to see something like
"cn=replication manager,cn=config"<br>
<br>
<a moz-do-not-send="true"
href="https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html"
target="_blank">https://access.redhat.com/<wbr>documentation/en-US/Red_Hat_<wbr>Directory_Server/10/html/<wbr>Administration_Guide/Creating_<wbr>the_Supplier_Bind_DN_Entry.<wbr>html</a><br>
<br>
Regards,<br>
Mark<span class="gmail-"><br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Please help me fix this</div>
<div><br>
</div>
<div><span
style="font-size:medium;line-height:32px"><br>
</span></div>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
<br>
</span></div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>