<div dir="ltr">Hi!<div>Thank you for the fast reply.</div><div>Yes, I want to use a standalone 389DS to replicate from FreeIPA.</div><div>Here is my replica:</div><div><div>filter: (objectclass=nsds5replica)</div><div>requesting: All userApplication attributes</div><div># extended LDIF</div><div>#</div><div># LDAPv3</div><div># base <cn=config> with scope subtree</div><div># filter: (objectclass=nsds5replica)</div><div># requesting: ALL</div><div>#</div><div><br></div><div># replica, dc\3Dexample\2Cdc\3Dcom, mapping tree, config</div><div>dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config</div><div>objectClass: top</div><div>objectClass: nsds5replica</div><div>objectClass: extensibleObject</div><div>cn: replica</div><div>nsDS5ReplicaRoot: dc=example,dc=com</div><div>nsDS5ReplicaId: 7</div><div>nsDS5ReplicaType: 3</div><div>nsDS5Flags: 1</div><div>nsds5ReplicaPurgeDelay: 604800</div><div>nsDS5ReplicaBindDN: cn=replication manager,cn=config</div><div>nsState:: BwAAAAAAAABZ98ZXAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAA==</div><div>nsDS5ReplicaName: 496dba82-6f7a11e6-9d5ba359-5196ffe4</div><div>nsds5ReplicaChangeCount: 22</div><div>nsds5replicareapactive: 0</div><div><br></div><div># search result</div><div>search: 2</div><div>result: 0 Success</div><div><br></div><div># numResponses: 2</div><div># numEntries: 1</div></div><div><br></div><div>So, my replica has the entry "cn=replication manager"<br><div class="gmail_extra"><br></div><div class="gmail_extra">But I tried adding the entry to the agreement. 
Unfortunately this did not help, the error is present:</div><div class="gmail_extra"><div class="gmail_extra">[root@ldap1 ~]# ldapmodify -v -h <a href="http://ldap1.example.com">ldap1.example.com</a> -p 389 -D "cn=directory manager" -w ...</div><div class="gmail_extra">ldap_initialize( ldap://<a href="http://ldap1.example.com:389">ldap1.example.com:389</a> )</div><div class="gmail_extra">dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config</div><div class="gmail_extra">changetype: modify</div><div class="gmail_extra">replace: nsds5ReplicaBindDN</div><div class="gmail_extra">nsds5ReplicaBindDN: cn=replication manager,cn=config</div><div class="gmail_extra">replace nsds5ReplicaBindDN:</div><div class="gmail_extra"> cn=replication manager,cn=config</div><div class="gmail_extra">modifying entry "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config"</div><div class="gmail_extra">modify complete</div><div class="gmail_extra"><br></div><div class="gmail_extra">[root@ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors</div><div class="gmail_extra">[31/Aug/2016:11:11:09 +0000] schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds!</div><div class="gmail_extra">[31/Aug/2016:11:11:09 +0000] - slapd started. 
Listening on All Interfaces port 389 for LDAP requests</div><div class="gmail_extra">[31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636 for LDAPS requests</div><div class="gmail_extra">[31/Aug/2016:11:11:09 +0000] - Listening on /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests</div><div class="gmail_extra">[31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=example,dc=com</div><div class="gmail_extra">[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=example,dc=com</div><div class="gmail_extra">[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=example,dc=com</div><div class="gmail_extra">[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin initialization.</div><div class="gmail_extra">[31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind id [cn=replication manager] authentication mechanism [SIMPLE]: error 32 (No such object) errno 0 (Success)</div><div class="gmail_extra">[31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin - agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth failed: LDAP error 32 (No such object) ()</div><div class="gmail_extra">^C</div><div class="gmail_extra">[root@ldap1 ~]# ldapmodify -v -h <a href="http://ldap1.example.com">ldap1.example.com</a> -p 389 -D "cn=directory manager" -w ...</div><div class="gmail_extra">ldap_initialize( ldap://<a href="http://ldap1.example.com:389">ldap1.example.com:389</a> )</div><div class="gmail_extra">dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config</div><div class="gmail_extra">changetype: modify</div><div class="gmail_extra">replace: nsds5beginreplicarefresh</div><div class="gmail_extra">nsds5beginreplicarefresh: start</div><div class="gmail_extra">replace nsds5beginreplicarefresh:</div><div class="gmail_extra"> start</div><div 
class="gmail_extra">modifying entry "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config"</div><div class="gmail_extra">modify complete</div><div class="gmail_extra"><br></div><div class="gmail_extra">[root@ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors</div><div class="gmail_extra">[31/Aug/2016:11:11:09 +0000] - slapd started. Listening on All Interfaces port 389 for LDAP requests</div><div class="gmail_extra">[31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636 for LDAPS requests</div><div class="gmail_extra">[31/Aug/2016:11:11:09 +0000] - Listening on /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests</div><div class="gmail_extra">[31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=example,dc=com</div><div class="gmail_extra">[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=example,dc=com</div><div class="gmail_extra">[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=example,dc=com</div><div class="gmail_extra">[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin initialization.</div><div class="gmail_extra">[31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind id [cn=replication manager] authentication mechanism [SIMPLE]: error 32 (No such object) errno 0 (Success)</div><div class="gmail_extra">[31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin - agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth failed: LDAP error 32 (No such object) ()</div><div class="gmail_extra">[31/Aug/2016:15:48:36 +0000] slapi_ldap_bind - Error: could not bind id [cn=replication manager,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) errno 0 (Success)</div><div class="gmail_extra">^C</div><div class="gmail_extra">[root@ldap1 ~]# </div><div><br></div></div><div class="gmail_extra"><br><div 
class="gmail_quote">2016-08-31 18:15 GMT+03:00 Mark Reynolds <span dir="ltr"><<a href="mailto:mareynol@redhat.com" target="_blank">mareynol@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"><div><div class="gmail-h5">
<p><br>
</p>
<br>
<div>On 08/31/2016 09:50 AM, Andrey Rogovsky
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi!
<div><br>
</div>
          <div>I am trying to configure a manual replica from FreeIPA DS to 389 DS.</div>
          <div>I have two VMs: <a href="http://ldap1.example.com" target="_blank">ldap1.example.com</a> and <a href="http://ldap2.example.com" target="_blank">ldap2.example.com</a></div>
          <div>I used this manual <a href="https://www.centos.org/docs/5/html/CDS/ag/8.0/Managing_Replication-Configuring-Replication-cmd.html" target="_blank">https://www.centos.org/<wbr>docs/5/html/CDS/ag/8.0/<wbr>Managing_Replication-<wbr>Configuring-Replication-cmd.<wbr>html</a>
            to configure the replica</div>
<div><br>
</div>
          <div>This was the replica agreement before starting:</div>
<div><br>
</div>
<div>
<div># extended LDIF</div>
<div>#</div>
<div># LDAPv3</div>
<div># base <cn=config> with scope subtree</div>
<div># filter: (objectclass=<wbr>nsds5ReplicationAgreement)</div>
<div># requesting: ALL</div>
<div>#</div>
<div><br>
</div>
<div># ExampleAgreement, replica, dc\3Dexample\2Cdc\3Dcom,
mapping tree, config</div>
<div>dn:
cn=ExampleAgreement,cn=<wbr>replica,cn=dc\3Dexample\2Cdc\<wbr>3Dcom,cn=mapping
tree,</div>
<div> cn=config</div>
<div>objectClass: top</div>
<div>objectClass: nsds5replicationagreement</div>
<div>cn: ExampleAgreement</div>
<div>nsDS5ReplicaHost: ldap2</div>
<div>nsDS5ReplicaPort: 389</div>
<div>nsDS5ReplicaBindDN: cn=replication manager</div>
<div>nsDS5ReplicaBindMethod: SIMPLE</div>
<div>nsDS5ReplicaRoot: dc=example,dc=com</div>
<div>description: agreement between supplier1 and consumer1</div>
<div>nsDS5ReplicaUpdateSchedule: 0000-0500 1</div>
<div>nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE
authorityRevocationLis</div>
<div> t</div>
<div>nsDS5ReplicaCredentials:
{AES-<wbr>TUhNR0NTcUdTSWIzRFFFRkRUQm1NRV<wbr>VHQ1NxR1NJYjNEUUVG</div>
<div> <wbr>RERBNEJDUmxPVFl4TlRsbU5DMWtaV0<wbr>UyTXpZeA0KTVMxaU1UYzFaREF3Wmkw<wbr>ek5qRmxNalkxWkFBQ</div>
<div> <wbr>0FRSUNBU0F3Q2dZSUtvWklodmNOQWd<wbr>jd0hRWUpZSVpJQVdVRA0KQkFFcUJCQ<wbr>UVJckpINmE0S3RFYl</div>
<div> NhLzkxL01qZg==}Wo+c0XfBnaDhg/<wbr>a36yguXg==</div>
<div>nsds5replicareapactive: 0</div>
<div>nsds5replicaLastUpdateStart: 19700101000000Z</div>
<div>nsds5replicaLastUpdateEnd: 19700101000000Z</div>
<div>nsds5replicaChangesSentSinceSt<wbr>artup:</div>
<div>nsds5replicaLastUpdateStatus: 0 No replication sessions
started since server s</div>
<div> tartup</div>
<div>nsds5replicaUpdateInProgress: FALSE</div>
<div>nsds5replicaLastInitStart: 19700101000000Z</div>
<div>nsds5replicaLastInitEnd: 19700101000000Z</div>
<div><br>
</div>
<div># search result</div>
<div>search: 2</div>
<div>result: 0 Success</div>
<div><br>
</div>
<div># numResponses: 2</div>
<div># numEntries: </div>
</div>
<div><br>
</div>
<div><br>
</div>
          <div>These are the errors I get when I start the replica:</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div>[root@ldap1 ~]# ldapmodify -v -h <a href="http://ldap1.example.com" target="_blank">ldap1.example.com</a>
-p 389 -D "cn=directory manager" -w ...</div>
<div>ldap_initialize( <a>ldap://</a><a href="http://ldap1.example.com:389" target="_blank">ldap1.example.com:389</a>
)</div>
<div>dn:
cn=ExampleAgreement,cn=<wbr>replica,cn="dc=example,dc=com"<wbr>,cn=mapping
tree,cn=config</div>
<div>changetype: modify</div>
<div>replace: nsds5beginreplicarefresh</div>
<div>nsds5beginreplicarefresh: start</div>
<div>replace nsds5beginreplicarefresh:</div>
<div> start</div>
<div>modifying entry
"cn=ExampleAgreement,cn=<wbr>replica,cn="dc=example,dc=com"<wbr>,cn=mapping
tree,cn=config"</div>
<div>modify complete</div>
<div><br>
</div>
<div>[root@ldap1 ~]# tail -f
/var/log/dirsrv/slapd-EXAMPLE-<wbr>COM/errors</div>
<div>[31/Aug/2016:11:11:09 +0000] schema-compat-plugin -
schema-compat-plugin tree scan will start in about 5
seconds!</div>
<div>[31/Aug/2016:11:11:09 +0000] - slapd started. Listening
on All Interfaces port 389 for LDAP requests</div>
<div>[31/Aug/2016:11:11:09 +0000] - Listening on All
Interfaces port 636 for LDAPS requests</div>
<div>[31/Aug/2016:11:11:09 +0000] - Listening on
/var/run/slapd-EXAMPLE-COM.<wbr>socket for LDAPI requests</div>
<div>[31/Aug/2016:11:11:13 +0000] schema-compat-plugin -
warning: no entries set up under
ou=sudoers,dc=example,dc=com</div>
<div>[31/Aug/2016:11:11:14 +0000] schema-compat-plugin -
warning: no entries set up under cn=ng,
cn=compat,dc=example,dc=com</div>
<div>[31/Aug/2016:11:11:14 +0000] schema-compat-plugin -
warning: no entries set up under cn=computers,
cn=compat,dc=example,dc=com</div>
<div>[31/Aug/2016:11:11:14 +0000] schema-compat-plugin -
Finished plugin initialization.</div>
<div>[31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error:
could not bind id [cn=replication manager] authentication
mechanism [SIMPLE]: error 32 (No such object) errno 0
(Success)</div>
<div>[31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
agmt="cn=ExampleAgreement" (ldap2:389): Replication bind
with SIMPLE auth failed: LDAP error 32 (No such object) ()</div>
<div>^C</div>
</div>
</div>
</blockquote></div></div>
    I'm assuming this is just a standalone 389 Directory Server you are
    trying to replicate to (not a FreeIPA installation). If it is a
    FreeIPA installation, then you should use the FreeIPA CLI for
    setting up replication.<br>
<br>
The error 32 (no such object) you are getting is because the replica
does not have an entry "cn=replication manager". Looking at the
replication agreement:<br>
<br>
nsDS5ReplicaBindDN: cn=replication manager<br>
<br>
    This is not a valid DN as there is no base suffix. For example, I
    would expect to see something like "cn=replication
    manager,cn=config"<br>
<br>
<a href="https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html" target="_blank">https://access.redhat.com/<wbr>documentation/en-US/Red_Hat_<wbr>Directory_Server/10/html/<wbr>Administration_Guide/Creating_<wbr>the_Supplier_Bind_DN_Entry.<wbr>html</a><br>
<br>
Regards,<br>
Mark<span class="gmail-"><br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Please help me fix this</div>
<div><br>
</div>
</div>
<br>
<br>
</blockquote>
<br>
</span></div>
</blockquote></div><br></div></div></div>
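The diagnosis from the reply above, applied to the error-log lines posted in this thread, as an added example that is not part of the original messages and is not 389 DS code. The names `diagnose` and `rdn_count` and the hint wording are assumptions made for illustration; the sample log is constructed from the lines quoted in the thread.

```python
import re

# Constructed sample: the three failure lines quoted from the errors log in this thread.
SAMPLE_LOG = """\
[31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind id [cn=replication manager] authentication mechanism [SIMPLE]: error 32 (No such object) errno 0 (Success)
[31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin - agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth failed: LDAP error 32 (No such object) ()
[31/Aug/2016:15:48:36 +0000] slapi_ldap_bind - Error: could not bind id [cn=replication manager,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) errno 0 (Success)
"""

# Patterns follow the two message shapes seen in the thread's log.
BIND_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] slapi_ldap_bind - Error: could not bind id "
    r"\[(?P<dn>[^\]]*)\] authentication mechanism \[(?P<mech>[^\]]+)\]: "
    r"error (?P<code>\d+) ")
AGMT_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] NSMMReplicationPlugin - agmt="(?P<agmt>[^"]+)" '
    r"\((?P<host>[^:)]+):(?P<port>\d+)\): Replication bind with \S+ auth failed")


def rdn_count(dn):
    """Count RDNs by splitting on commas that are not backslash-escaped."""
    dn = dn.strip()
    return len(re.split(r"(?<!\\),", dn)) if dn else 0


def diagnose(log_text):
    """Return one finding per failed replication bind, in log order."""
    lines = log_text.splitlines()
    # Map timestamp -> (agreement, consumer) from the replication plugin lines.
    targets = {m["ts"]: (m["agmt"], f'{m["host"]}:{m["port"]}')
               for m in map(AGMT_RE.match, lines) if m}
    findings = []
    for m in filter(None, map(BIND_RE.match, lines)):
        agmt, consumer = targets.get(m["ts"], (None, None))
        if m["code"] != "32":
            hint = "not error 32 (No such object): a different bind failure"
        elif rdn_count(m["dn"]) < 2:
            hint = "bind DN has no suffix, e.g. cn=replication manager,cn=config"
        else:
            hint = "bind DN has a suffix, but the consumer has no such entry"
        findings.append({"ts": m["ts"], "dn": m["dn"], "agmt": agmt,
                         "consumer": consumer, "hint": hint})
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

The 15:48:36 failure has no matching NSMMReplicationPlugin line in the pasted log, so its agreement and consumer fields come back as `None`.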