[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Fedora-directory-users] Questions about setting up replicationby modifying ldap directly.



Chris G. Sellers wrote:
Sorry for jumping in here (just joined the list) but it sounds like your replication user is being blocked by an ACI that you have applied. These could be explicit or inherited from a parent OU in the tree.
And you should definitely be able to see something in the access log for host=infinity.xxx.ec.gc.ca. Keep in mind that the access log is buffered so events will not show up for a few minutes if there is no other activity.

Make sure your Replication User is not part of a ACI or make it part of a new ACI that allows objectclass=* full permissions.

Sellers

On Dec 12, 2007, at 10:12 AM, Ryan Braun wrote:

On Tuesday 11 December 2007 11:42 pm, Rich Megginson wrote:
> startconsole -D -f console.log -


Below is the last 40 lines after the error. It looks like these 3 lines tell the story though

ReplicationAgreement.updateAgreementFromServer: unable to read the replica number of changes from {host=infinity.xxx.ec.gc.ca} {port=389} {authdn=cn=Directory Manager} ReplicationAgreement.updateAgreementFromServer: unable to read the replica refresh attribute {host=infinity.xxx.ec.gc.ca} {port=389} {authdn=cn=Directory Manager} ReplicationAgreement.updateAgreementFromServer: unable to read the consumer initialization status attribute (nsds5replicalastinitstatus) {host=infinity.xxx.ec.gc.ca} {port=389} {authdn=cn=Directory Manager}




AgreementReader: start readAgreements()
AgreementReader: getFromServer()
Agreement Base DN: cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping tree,cn=config Filter: |(objectclass=nsDS5ReplicationAgreement)(objectclass=LDAPReplica)(objectclass=nsDSWindowsReplicationAgreement) ReplicationAgreement.setOrigEntryDN: cn=Replication to xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping tree,cn=config ReplicationAgreement.setEntryDN: cn=Replication to xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping tree,cn=config ReplicationAgreement.setOrigEntryDN: cn=Replication to xxxsrvr4.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping tree,cn=config ReplicationAgreement.setEntryDN: cn=Replication to xxxsrvr4.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping tree,cn=config
AgreementReader: end readAgreements()
ReplicaResourceObject.treeExpanded: this
ReplicationTool.verifyDM: authDN = <cn=Directory Manager>, authPassword = <xxxxxxxx>
getMachineDataDN: returning cn=replication,cn=config
AgreementReader: start readAgreements()
AgreementReader: getFromServer()
Agreement Base DN: cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping tree,cn=config Filter: |(objectclass=nsDS5ReplicationAgreement)(objectclass=LDAPReplica)(objectclass=nsDSWindowsReplicationAgreement) ReplicationAgreement.setOrigEntryDN: cn=Replication to xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping tree,cn=config ReplicationAgreement.setEntryDN: cn=Replication to xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping tree,cn=config ReplicationAgreement.setOrigEntryDN: cn=Replication to xxxsrvr4.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping tree,cn=config ReplicationAgreement.setEntryDN: cn=Replication to xxxsrvr4.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping tree,cn=config
AgreementReader: end readAgreements()
Add MMR Node
Class is com.netscape.admin.dirserv.panel.replication.MMRAgreement
Add MMR Node
Class is com.netscape.admin.dirserv.panel.replication.MMRAgreement
ResourceSet:getString():Unable to resolve general-Apply-ttip
ResourceSet:getString():Unable to resolve general-Reset-ttip
ResourceSet:getString():Unable to resolve general-Help-ttip
ReplicationAgreement.updateAgreementFromServer: unable to read the replica number of changes from {host=infinity.xxx.ec.gc.ca} {port=389} {authdn=cn=Directory Manager} ReplicationAgreement.updateAgreementFromServer: unable to read the replica refresh attribute {host=infinity.xxx.ec.gc.ca} {port=389} {authdn=cn=Directory Manager} ReplicationAgreement.updateAgreementFromServer: unable to read the consumer initialization status attribute (nsds5replicalastinitstatus) {host=infinity.xxx.ec.gc.ca} {port=389} {authdn=cn=Directory Manager} BlankPanel.refresh:refreshed panel data. Class com.netscape.admin.dirserv.panel.replication.AgreementInfoPanel DSEntrySet.getAttributes(): read entry from DS:LDAPEntry: cn=Replication to xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping tree,cn=config; LDAPAttributeSet: DSEntrySet.getAttributes(): attributes for this entry:[Ljava.lang.String;@1a28362 DSEntrySet.getAttributes(): failed to get attribute description in cn=Replication to xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping tree,cn=config DSEntrySet.show(): some of the attributes of cn=Replication to xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping tree,cn=config could not be read. Either they are not present in the entry or there is an ACI which prevents that attribute from being read. Try authenticating as a user with more access DSUtil.reauthenticate: begin: ldc={host=infinity.xxx.ec.gc.ca} {port=389} {authdn=cn=Directory Manager} ReplicationAgreement.updateAgreementFromServer: unable to read the replica number of changes from {host=infinity.xxx.ec.gc.ca} {port=389} {authdn=cn=Directory Manager} ReplicationAgreement.updateAgreementFromServer: unable to read the replica refresh attribute {host=infinity.xxx.ec.gc.ca} {port=389} {authdn=cn=Directory Manager} ReplicationAgreement.updateAgreementFromServer: unable to read the consumer initialization status attribute (nsds5replicalastinitstatus) {host=infinity.xxx.ec.gc.ca} {port=389} {authdn=cn=Directory Manager} DSTabbedPanel.select: com.netscape.admin.dirserv.panel.replication.AgreementPanel[,0,0,605x468,layout=java.awt.BorderLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=9,maximumSize=,minimumSize=java.awt.Dimension[width=1,height=1],preferredSize=]

--
Fedora-directory-users mailing list
Fedora-directory-users redhat com <mailto:Fedora-directory-users redhat com>
https://www.redhat.com/mailman/listinfo/fedora-directory-users



---
Chris G. Sellers Lead Internet Engineer
National Institute for Technology & Liberal Ed.
535 West William Street, Ann Arbor, MI 48103
chris sellers nitle org <mailto:chris sellers nitle org>  734.661.2318





------------------------------------------------------------------------

--
Fedora-directory-users mailing list
Fedora-directory-users redhat com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]