[Fedora-directory-users] replicating configuration directotry (NetscapeRoot)

Richard Megginson rmeggins at redhat.com
Tue May 2 01:36:06 UTC 2006


Linux Admin wrote:
> Richard, Here is more detail error message
> [01/May/2006:18:21:38 -0500] NSMMReplicationPlugin - 
> agmt="cn=F04T02NET" (serve01:1389): Unable to acquire replica: 
> permission denied. The bind dn "cn=replication manager,cn=config" does 
> not have permission to supply replication updates to the replica. Will 
> retry later
This usually means there is no supplier DN given in the replica config, 
or there is a spelling error in the supplier DN name.
>
>
>
> On 5/1/06, *Richard Megginson* <rmeggins at redhat.com 
> <mailto:rmeggins at redhat.com>> wrote:
>
>     Linux Admin wrote:
>     > Richard,
>     > I have tried disabling the pass-through on server 2 and
>     unfortunately
>     > I still can not replicate from 2 to 1.
>     > Replications from 1 to 2 works fine. I had to manually create
>     > NetscapeRoot on 2 initially, could be it that is created with
>     > different set of attributes then on 1.
>     > The error is 3. Permission denied.
>     Make sure the user you are using as your supplier DN on server 1
>     exists
>     on server 1 (and likewise for server 2).  Try using ldapsearch
>     from the
>     command line - bind with your supplier DN and password - to see if you
>     can use those credentials to search the suffix on both servers.
>     > What else could it be.
>     > Thanks for all your help.
>     >
>     >
>     >
>     > On 4/28/06, *Linux Admin* <sysadmin.linux at gmail.com
>     <mailto:sysadmin.linux at gmail.com>
>     > <mailto: sysadmin.linux at gmail.com
>     <mailto:sysadmin.linux at gmail.com>>> wrote:
>     >
>     >     Richard,
>     >     Thanks, let me try. I am surprised there is no documentation at
>     >     all on NetScape root replication.
>     >     You help is very much appricated
>     >
>     >
>     >
>     >
>     >     On 4/28/06, * Richard Megginson* <rmeggins at redhat.com
>     <mailto:rmeggins at redhat.com>
>     >     <mailto:rmeggins at redhat.com <mailto:rmeggins at redhat.com>>>
>     wrote:
>     >
>     >         Linux Admin wrote:
>     >         > Richard,
>     >         > Thanks, this is very good.
>     >         > I do not want to really disable it right now,
>     >         I think you may need to disable it on the replica in
>     order to make
>     >         replication work.
>     >         > I just want to have 2 way replication between Server 1 and
>     >         Server 2,
>     >         > and used authenticate against server1. I would then
>     setup in
>     >         pluging
>     >         > authentication against both 1 and 2. Is this right way?
>     >         > Thank your very much for your time and advice.
>     >         >
>     >         >
>     >         > On 4/28/06, *Richard Megginson* < rmeggins at redhat.com
>     <mailto:rmeggins at redhat.com>
>     >         <mailto:rmeggins at redhat.com <mailto:rmeggins at redhat.com>>
>     >         > <mailto: rmeggins at redhat.com
>     <mailto:rmeggins at redhat.com> <mailto:rmeggins at redhat.com
>     <mailto:rmeggins at redhat.com>>>>
>     >         wrote:
>     >         >
>     >         >     Linux Admin wrote:
>     >         >     > Folks,
>     >         >     > Is it possible to set up multi-master replication of
>     >         NetscapeRoot
>     >         >     > configuration directory.
>     >         >     > I have tried and I can successfully initialize
>     >         subscribers from the
>     >         >     > current configuration directory server.
>     >         >     > However initialization of replication in opposite
>     >         direction fails.
>     >         >     >
>     >         >     > Server 1 current conf dir -> Server 2:
>     rplication sucsfull
>     >         >     > o=NetscapeRoot is populated
>     >         >     > Server 1 current conf dir <- Server 2: rplication
>     >         failes with error:
>     >         >     > Permission denied. Error code 3
>     >         >     Part of the problem is that, when you set up a second
>     >         instance, the
>     >         >     installer automatically enables pass through
>     >         authentication for the
>     >         >     console admin user, which allows that user to login as
>     >         >     uid=admin,.....,o=NetscapeRoot on machines which
>     do not have
>     >         >     o=NetscapeRoot.  So the first thing you need to do
>     is to
>     >         disable the
>     >         >     pass through auth plugin (console -> directory
>     console ->
>     >         >     Configuration
>     >         >     -> Plug-ins -> Pass Through -> uncheck the Enable
>     box - then
>     >         >     restart the
>     >         >     server.
>     >         >     >
>     >         >     > on Server 2 I had to manully create NetscapeRoot
>     database.
>     >         >     > What am I missing?. Is it "idiot prrof" feature?
>     >         >     >
>     >         >     > Thanks in advance for any help
>     >         >     > SysLin
>     >         >     >
>     >         >     >
>     >         >
>     >        
>     ------------------------------------------------------------------------
>     >         >     >
>     >         >     > --
>     >         >     > Fedora-directory-users mailing list
>     >         >     > Fedora-directory-users at redhat.com
>     <mailto:Fedora-directory-users at redhat.com>
>     >         <mailto:Fedora-directory-users at redhat.com
>     <mailto:Fedora-directory-users at redhat.com>>
>     >         >     <mailto: Fedora-directory-users at redhat.com
>     <mailto:Fedora-directory-users at redhat.com>
>     >         <mailto:Fedora-directory-users at redhat.com
>     <mailto:Fedora-directory-users at redhat.com>>>
>     >         >     >
>     >        
>     https://www.redhat.com/mailman/listinfo/fedora-directory-users
>     >         <
>     https://www.redhat.com/mailman/listinfo/fedora-directory-users>
>     >         >     >
>     >         >
>     >         >
>     >         >     --
>     >         >     Fedora-directory-users mailing list
>     >         >     Fedora-directory-users at redhat.com
>     <mailto:Fedora-directory-users at redhat.com>
>     >         <mailto:Fedora-directory-users at redhat.com
>     <mailto:Fedora-directory-users at redhat.com>>
>     >         >     <mailto: Fedora-directory-users at redhat.com
>     <mailto:Fedora-directory-users at redhat.com>
>     >         <mailto:Fedora-directory-users at redhat.com
>     <mailto:Fedora-directory-users at redhat.com>>>
>     >         >
>     >        
>     https://www.redhat.com/mailman/listinfo/fedora-directory-users
>     >         >
>     >         >
>     >         >
>     >         >
>     >         >
>     ------------------------------------------------------------------------
>     >
>     >         >
>     >         > --
>     >         > Fedora-directory-users mailing list
>     >         > Fedora-directory-users at redhat.com
>     <mailto:Fedora-directory-users at redhat.com>
>     >         <mailto:Fedora-directory-users at redhat.com
>     <mailto:Fedora-directory-users at redhat.com>>
>     >         >
>     https://www.redhat.com/mailman/listinfo/fedora-directory-users
>     >         >
>     >
>     >
>     >         --
>     >         Fedora-directory-users mailing list
>     >         Fedora-directory-users at redhat.com
>     <mailto:Fedora-directory-users at redhat.com>
>     >         <mailto: Fedora-directory-users at redhat.com
>     <mailto:Fedora-directory-users at redhat.com>>
>     >        
>     https://www.redhat.com/mailman/listinfo/fedora-directory-users
>     >
>     >
>     >
>     >
>     >
>     >
>     ------------------------------------------------------------------------
>     >
>     > --
>     > Fedora-directory-users mailing list
>     > Fedora-directory-users at redhat.com
>     <mailto:Fedora-directory-users at redhat.com>
>     > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>     >
>
>
>     --
>     Fedora-directory-users mailing list
>     Fedora-directory-users at redhat.com
>     <mailto:Fedora-directory-users at redhat.com>
>     https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20060501/18b4a76c/attachment.bin>


More information about the Fedora-directory-users mailing list