Folks,

Is it possible to set up multi-master replication of the NetscapeRoot configuration directory? I have tried and I can successfully initialize subscribers from the current configuration directory server. However, initialization of replication in the opposite direction fails.

Server 1 current conf dir -> Server 2: replication successful, o=NetscapeRoot is populated
Server 1 current conf dir <- Server 2: replication fails with error: Permission denied. Error code 3

On Server 2 I had to manually create the NetscapeRoot database. What am I missing? Is it an "idiot proof" feature?

Thanks in advance for any help
SysLin
Linux Admin wrote:

> Folks,
> Is it possible to set up multi-master replication of the NetscapeRoot configuration directory? I have tried and I can successfully initialize subscribers from the current configuration directory server. However, initialization of replication in the opposite direction fails.
>
> Server 1 current conf dir -> Server 2: replication successful, o=NetscapeRoot is populated
> Server 1 current conf dir <- Server 2: replication fails with error: Permission denied. Error code 3

Part of the problem is that, when you set up a second instance, the installer automatically enables pass through authentication for the console admin user, which allows that user to login as uid=admin,.....,o=NetscapeRoot on machines which do not have o=NetscapeRoot. So the first thing you need to do is to disable the pass through auth plugin (console -> directory console -> Configuration -> Plug-ins -> Pass Through -> uncheck the Enable box - then restart the server).
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Richard,

Thanks, this is very good. I do not want to really disable it right now, I just want to have 2 way replication between Server 1 and Server 2, and to authenticate against server1. I would then set up plug-in authentication against both 1 and 2. Is this the right way? Thank you very much for your time and advice.
Linux Admin wrote:

> Richard, Thanks, this is very good. I do not want to really disable it right now,

I think you may need to disable it on the replica in order to make replication work.
Richard,

Thanks, let me try. I am surprised there is no documentation at all on NetScape root replication. Your help is very much appreciated.
Richard,

I have tried disabling the pass-through on server 2 and unfortunately I still cannot replicate from 2 to 1. Replication from 1 to 2 works fine. I had to manually create NetscapeRoot on 2 initially; could it be that it is created with a different set of attributes than on 1? The error is 3. Permission denied. What else could it be? Thanks for all your help.
Linux Admin wrote:

> Richard, I have tried disabling the pass-through on server 2 and unfortunately I still cannot replicate from 2 to 1. Replication from 1 to 2 works fine. I had to manually create NetscapeRoot on 2 initially; could it be that it is created with a different set of attributes than on 1? The error is 3. Permission denied.

Make sure the user you are using as your supplier DN on server 1 exists on server 1 (and likewise for server 2). Try using ldapsearch from the command line - bind with your supplier DN and password - to see if you can use those credentials to search the suffix on both servers.
Both servers have this entry in dse.ldif under /opt/fedora-ds/<server-name>/config

dn: cn=replication manager,cn=config
objectClass: inetorgperson
objectClass: person
objectClass: top
objectClass: organizationalPerson
cn: replication manager
sn: RM
userPassword:
passwordExpirationTime: 20380119031407Z

Is this sufficient?
Linux Admin wrote:

> Both servers have this entry in dse.ldif under /opt/fedora-ds/<server-name>/config
>
> dn: cn=replication manager,cn=config
> objectClass: inetorgperson
> objectClass: person
> objectClass: top
> objectClass: organizationalPerson
> cn: replication manager
> sn: RM
> userPassword:
> passwordExpirationTime: 20380119031407Z
>
> Is this sufficient?

That's necessary, but perhaps not sufficient. Now, try ldapsearch to bind and search each directory server using the cn=replication manager,cn=config user. Then, verify that in your Replica configuration you have specified cn=replication manager,cn=config as the supplier DN.
Richard,

Here is a more detailed error message:

[01/May/2006:18:21:38 -0500] NSMMReplicationPlugin - agmt="cn=F04T02NET" (serve01:1389): Unable to acquire replica: permission denied. The bind dn "cn=replication manager,cn=config" does not have permission to supply replication updates to the replica. Will retry later
Linux Admin wrote:

> Richard, Here is a more detailed error message:
>
> [01/May/2006:18:21:38 -0500] NSMMReplicationPlugin - agmt="cn=F04T02NET" (serve01:1389): Unable to acquire replica: permission denied. The bind dn "cn=replication manager,cn=config" does not have permission to supply replication updates to the replica. Will retry later

This usually means there is no supplier DN given in the replica config, or there is a spelling error in the supplier DN name.
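
The two checks suggested in the replies above (the supplier DN entry exists on the receiving server, and the receiving replica lists that same DN as its supplier DN) can be run offline against copies of each server's dse.ldif. This is an added example, not code from the thread or from the Fedora DS project; the LDIF fragments, the host `serve02`, the agreement `to-server2` and the "manger" typo are constructed for illustration, and the DN comparison is a simplified normalization.

```python
import base64
import re

# Constructed dse.ldif fragments (assumptions for illustration, not from the thread).
# Server 1's replica entry carries a misspelled supplier DN ("manger").
SERVER1_DSE = """\
dn: cn=replication manager,cn=config
objectClass: person

dn: cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
objectClass: nsDS5Replica
nsDS5ReplicaRoot: o=NetscapeRoot
nsDS5ReplicaBindDN: cn=replication manger,cn=config

dn: cn=to-server2,cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
cn: to-server2
nsDS5ReplicaHost: serve02
nsDS5ReplicaRoot: o=NetscapeRoot
nsDS5ReplicaBindDN: cn=replication manager,cn=config
"""

SERVER2_DSE = """\
dn: cn=replication manager,cn=config
objectClass: person

dn: cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
objectClass: nsDS5Replica
nsDS5ReplicaRoot: o=NetscapeRoot
nsDS5ReplicaBindDN: cn=Replication Manager, cn=config

dn: cn=F04T02NET,cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
cn: F04T02NET
nsDS5ReplicaHost: serve01
nsDS5ReplicaRoot: o=NetscapeRoot
nsDS5ReplicaBindDN: cn=replication manager,cn=config
"""

def parse_ldif(text):
    """Return a list of {lowercased attr: [values]}; handles folded lines and 'attr:: base64'."""
    entries = []
    unfolded = re.sub(r"\r?\n ", "", text)          # LDIF folds with newline + one space
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):               # base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def normalize_dn(dn):
    """Simplified DN comparison form: case-folded, whitespace collapsed, quotes dropped."""
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        parts.append(attr.strip().lower() + "=" + " ".join(value.split()).lower().strip('"'))
    return ",".join(parts)

def has_class(entry, name):
    return name.lower() in (c.lower() for c in entry.get("objectclass", []))

def check_direction(supplier_dse, consumer_dse, suffix, consumer_host):
    """List reasons the consumer would refuse updates from the supplier for this suffix."""
    supplier, consumer = parse_ldif(supplier_dse), parse_ldif(consumer_dse)
    root = normalize_dn(suffix)
    replica = next((e for e in consumer if has_class(e, "nsDS5Replica")
                    and normalize_dn(e.get("nsds5replicaroot", [""])[0]) == root), None)
    if replica is None:
        return ["consumer has no replica entry for %s" % suffix]
    allowed = {normalize_dn(d) for d in replica.get("nsds5replicabinddn", [])}
    known = {normalize_dn(e["dn"][0]) for e in consumer}
    findings = []
    if not allowed:
        findings.append("consumer replica entry has no nsDS5ReplicaBindDN (no supplier DN)")
    for agmt in supplier:
        if not (has_class(agmt, "nsDS5ReplicationAgreement")
                and agmt.get("nsds5replicahost", [""])[0].lower() == consumer_host.lower()
                and normalize_dn(agmt.get("nsds5replicaroot", [""])[0]) == root):
            continue
        name = agmt.get("cn", ["?"])[0]
        bind = agmt.get("nsds5replicabinddn", [""])[0]
        if normalize_dn(bind) not in known:
            findings.append("agmt %s: bind DN '%s' has no entry on consumer" % (name, bind))
        if allowed and normalize_dn(bind) not in allowed:
            findings.append("agmt %s: bind DN '%s' not in consumer nsDS5ReplicaBindDN %s"
                            % (name, bind, sorted(allowed)))
    return findings

if __name__ == "__main__":
    print(check_direction(SERVER2_DSE, SERVER1_DSE, "o=NetscapeRoot", "serve01"))
```

With this constructed data the 1 -> 2 direction is clean and the 2 -> 1 direction reports the agreement whose bind DN the receiving replica does not list, which is the situation the error log line describes.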
On 5/1/06, *Richard Megginson* <rmeggins@redhat.com mailto:rmeggins@redhat.com> wrote:
Linux Admin wrote: > Richard, > I have tried disabling the pass-through on server 2 and unfortunately > I still can not replicate from 2 to 1. > Replications from 1 to 2 works fine. I had to manually create > NetscapeRoot on 2 initially, could be it that is created with > different set of attributes then on 1. > The error is 3. Permission denied. Make sure the user you are using as your supplier DN on server 1 exists on server 1 (and likewise for server 2). Try using ldapsearch from the command line - bind with your supplier DN and password - to see if you can use those credentials to search the suffix on both servers. > What else could it be. > Thanks for all your help. > > > > On 4/28/06, *Linux Admin* <sysadmin.linux@gmail.com <mailto:sysadmin.linux@gmail.com> > <mailto: sysadmin.linux@gmail.com <mailto:sysadmin.linux@gmail.com>>> wrote: > > Richard, > Thanks, let me try. I am surprised there is no documentation at > all on NetScape root replication. > You help is very much appricated > > > > > On 4/28/06, * Richard Megginson* <rmeggins@redhat.com <mailto:rmeggins@redhat.com> > <mailto:rmeggins@redhat.com <mailto:rmeggins@redhat.com>>> wrote: > > Linux Admin wrote: > > Richard, > > Thanks, this is very good. > > I do not want to really disable it right now, > I think you may need to disable it on the replica in order to make > replication work. > > I just want to have 2 way replication between Server 1 and > Server 2, > > and used authenticate against server1. I would then setup in > pluging > > authentication against both 1 and 2. Is this right way? > > Thank your very much for your time and advice. 
389-users@lists.fedoraproject.org
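
The two causes named in the reply to the "Unable to acquire replica" error (no supplier DN in the replica config, or a misspelled one) can be checked mechanically. The sketch below is an added example, not part of the thread: it pulls the rejected bind DN out of the log line and compares it with the supplier DNs in an exported replica entry. It assumes the supplier DN is held in the 389 DS attribute nsDS5ReplicaBindDN; the replica entry and its misspelling are constructed sample data.

```python
import re

# The log line quoted in the thread, plus a constructed replica entry as it
# might be exported from cn=config on the consumer (note the misspelled DN).
LOG = ('[01/May/2006:18:21:38 -0500] NSMMReplicationPlugin - agmt="cn=F04T02NET" '
       '(serve01:1389): Unable to acquire replica: permission denied. The bind dn '
       '"cn=replication manager,cn=config" does not have permission to supply '
       'replication updates to the replica. Will retry later')
REPLICA_LDIF = '''dn: cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
objectClass: nsDS5Replica
nsDS5ReplicaRoot: o=NetscapeRoot
nsDS5ReplicaBindDN: cn=Replication Manger,
 cn=config
'''

def norm_dn(dn):
    """Lower-case and drop spaces around ',' and '=' (simplified DN compare)."""
    return re.sub(r'\s*([,=])\s*', r'\1', dn.strip().lower())

def rejected_bind_dn(log_line):
    """Return the bind DN the consumer refused, or None if the line differs."""
    m = re.search(r'The bind dn "([^"]+)" does not have permission', log_line)
    return m.group(1) if m else None

def ldif_values(ldif, attr):
    """Values of attr in one LDIF entry; unfolds continuation lines.
    Base64 ('attr::') values are not decoded in this sketch."""
    unfolded = re.sub(r'\n ', '', ldif)
    pairs = (l.split(':', 1) for l in unfolded.splitlines() if ':' in l)
    return [v.strip() for k, v in pairs if k.strip().lower() == attr.lower()]

def diagnose(log_line, replica_ldif):
    bind = rejected_bind_dn(log_line)
    if bind is None:
        return 'no-match-in-log'
    allowed = ldif_values(replica_ldif, 'nsDS5ReplicaBindDN')
    if not allowed:
        return 'no-supplier-dn'   # replica config names no supplier DN
    if norm_dn(bind) in {norm_dn(a) for a in allowed}:
        return 'dn-ok'            # DN matches; check the entry and password
    return 'dn-mismatch'          # e.g. a spelling error in the configured DN

if __name__ == '__main__':
    print(diagnose(LOG, REPLICA_LDIF))
```

A 'dn-ok' result points back to the other check suggested in the thread: binding with the supplier DN and password via ldapsearch on each server.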