[Fedora-directory-users] Questions about setting up replication by modifying ldap directly.

Tue Dec 11 23:17:16 UTC 2007

On Tuesday 11 December 2007 9:31 pm, Rich Megginson wrote:

[big time snip]

> The supplier will by default attempt to send updates immediately.  If
> the consumer goes down, the supplier will keep trying to reach it, using
> an exponential backoff strategy, until it attempts to contact the
> consumer every 5 minutes.  So at most you should only have to wait 5
> minutes after the consumer comes back online.

Ahhh good to know,  I'm pretty impatient and wanted the updates now.  

>
> The referrals are automatically set to go to all of the masters, but
> there is no guaranteed order.  So there is no guarantee of which master
> the client will be referred to, only that it will be referred to one of
> the masters.

Well I used my script to setup a MMR agreement between 2 servers.  Then a consumer read only agreement on those 2 servers to a third server.  Replication is working over all the servers.  With one really odd quirk.  When I open up the console,  goto the configuration tab -> Replication -> userRoot.  Then I click on one of the rep agreements I get an insufficient permissions error (I'm logging in as cn=Directory Manager).

I click ok,  get prompted for a username and password (cn=Directory Manager is already in the username box).  I just click cancel and it lets me continue to view/edit/delete the rep agreement.

I restarted the server, same issue.

There aren't any err= messages in the access log and the error log doesn't have any info about the message either.

Here is the rep agreement straight from the dse.ldif file

dn: cn=Replication to xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=,dc=ec,dc=gc,
 dc=ca",cn=mapping tree,cn=config
objectClass: top
objectClass: nsDS5ReplicationAgreement
cn: Replication to xxxldap1.isb.ec.gc.ca
nsDS5ReplicaHost: xxxldap1.xxx.ec.gc.ca
nsDS5ReplicaRoot: dc=xxx,dc=ec,dc=gc,dc=ca
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: uid=RManager,cn=config
nsDS5ReplicaBindMethod: simple
nsDS5ReplicaUpdateSchedule: 0000-2359 0123456
nsds5replicaTimeout: 120
nsDS5ReplicaCredentials: {DES}S7ig2LTq5lWO65tutWo4JQ==
creatorsName: cn=directory manager
modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=config
createTimestamp: 20071211223651Z
modifyTimestamp: 20071211230605Z
nsds50ruv: {replicageneration} 475f0e11000000030000
nsds50ruv: {replica 1 ldap://xxxldap1.xxx.ec.gc.ca:389} 475f11c3000000010000 4
 75f11c3000000010000
nsds50ruv: {replica 3 ldap://infinity.xxx.ec.gc.ca:389} 475f11a6000000030000 4
 75f151a000000030000
nsruvReplicaLastModified: {replica 1 ldap://xxxldap1.xxx.ec.gc.ca:389} 0000000
 0
nsruvReplicaLastModified: {replica 3 ldap://infinity.xxx.ec.gc.ca:389} 0000000
 0

Ryan Braun
Informatics Operations
Aviation and Defence Services Division
Chief Information Officer Branch, Environment Canada
CIV: (204) 833-2500x2824 CSN: 257-2824  FAX: (204) 833-2524
E-Mail: Ryan.Braun at ec.gc.ca