I have a question about Windows Sync: in the docs it says the replica role
should be single or multi master, but with single master you can't set
update settings for the bind DN. Will this still work?
Is there a way to sync 1 way, from Windows AD -> dirsrv only?
I just wonder why I'm getting: RESULT err=2 when I try to use replication
over simple SSL. The replication agreement works when I use ldap with no
encryption, but when I select SSL encryption with ldap it just gives that
error. I'm not looking to use certificates, just simple bind DN/password.
I have a setup with 3 389 Directory servers in a master-master setup
which has been working fine until now. One of the servers died this
morning due to a memory issue and now will not restart:
[18/May/2011:12:34:32 +0100] memory allocator - malloc of 1538 bytes
failed; OS error 12 (Cannot allocate memory)
The server has probably allocated all available virtual memory. To solve
this problem, make more virtual memory available to your server, or reduce
one or more of the following server configuration settings:
nsslapd-cachesize (Database Settings - Maximum entries in cache)
nsslapd-cachememsize (Database Settings - Memory available for cache)
nsslapd-dbcachesize (LDBM Plug-in Settings - Maximum cache size)
nsslapd-import-cachesize (LDBM Plug-in Settings - Import cache size).
Can't recover; calling exit(1).
I'm now unable to restart the server; the error log reports the following:
[18/May/2011:12:58:38 +0100] - 389-Directory/1.2.2 B2009.237.206 starting up
[18/May/2011:12:58:38 +0100] uuid - read_state: failed to get
[18/May/2011:12:58:38 +0100] uuid - uuid_init: failed to get generator's
[18/May/2011:12:58:38 +0100] uniqueid generator - uniqueIDGenInit:
generator initialization failed
[18/May/2011:12:58:38 +0100] - Fatal Error---Failed to initialize
uniqueid generator; error = 13. Exiting now.
Any ideas what the issue is and how to fix it? Where is it trying to get
the generator's state from?
From: Steven Li
Sent: 5/18/2011 [Wednesday] 13:50
To: Steven Li; 389-users(a)lists.fedoraproject.org; 389-devel(a)lists.fedoraproject.org
Cc: Ivan Wang
Subject: RE: 389 directory capacity query
From: Steven Li
Sent: 5/18/2011 [Wednesday] 13:35
To: 389-users(a)lists.fedoraproject.org; 389-devel(a)lists.fedoraproject.org
Cc: Ivan Wang
Subject: 389 directory capacity query
Now I'm beginning to apply the 389 Directory server v2.6 in our env. But I want to check: do we have a test of the capacity of the directory server?
Such as what the maximum number of entries that can be supported is, and what the best deployment for a large user store is.
I need it to support max 200 million users. Do you think it is possible to store so many entries in the server, and if it's possible, how should
I retrieve it?
We are trying to set up our 389 DS instance and everything seems to work
except that LDAP browsers cannot seem to access the schema. For example, in
the LDAPSoft LDAP Admin Tool we receive the error message:
"Unable to read schema!!" Unable to read schema, please login/bind with an
account which has access to schema - You can also rebind with any entry
using the right-click menu and selecting rebind.
However, we are not trying to access the directory anonymously; we receive
this error even when binding as Directory Manager.
We also cannot browse the schema using a standard ldapsearch command.
Any ideas of how to enable schema reading?
Hi, what is the simplest way to upgrade a master-slave replica with 4 slaves to a 4-way multi-master replica,
with no, or with the least, service downtime?
is there somewhere a flag not to switch the entry format?
I don't have an issue with a fresh install (just add nsslapd-subtree-rename-switch: off to template-dse.ldif). But I run into issues when I upgrade an existing Fedora DS 1.1.2 to 389 DS 18.104.22.168.
I run setup-ds.pl -u .....
I noticed an issue with 389 DS 22.214.171.124, which I have not seen before. Here is what I do:
1. I create a two multi-master setup.
2. I don't perform any changes on the directory.
3. I delete the replica setup on both systems -- everything is fine.
4. I create a two multi-master setup.
5. Perform changes on both systems
6. Modifications get replicated.
7. I delete the replica setup. Now I get the following error logs:
[09/May/2011:15:43:18 -0400] - import userRoot: Import complete. Processed 446 entries in 4 seconds. (111.50 entries/sec)
[09/May/2011:15:43:18 -0400] NSMMReplicationPlugin - multimaster_be_state_change: replica o=base is coming online; enabling replication
[09/May/2011:15:45:21 -0400] NSMMReplicationPlugin - agmt_delete: begin
[09/May/2011:15:45:22 -0400] NSMMReplicationPlugin - replica_config_delete: Warning: The changelog for replica o=BASE is no longer valid since the replica config is being deleted. Removing the changelog.
[09/May/2011:15:45:22 -0400] NSMMReplicationPlugin - changelog program - _cl5Add Thread: invalid changelog state - 2 <== This is good!
[09/May/2011:15:45:27 -0400] - libdb: <path to>/changelogdb/7773fd02-7a7411e0-ac71f4b1-0fb2d026_4dc840d3000000020000.db4: unable to flush: No such file or directory
[09/May/2011:15:45:27 -0400] - libdb: txn_checkpoint: failed to flush the buffer cache No such file or directory
[09/May/2011:15:45:27 -0400] - Serious Error---Failed to checkpoint database, err=2 (No such file or directory)
Of course, the changelog directory was gone. It looks to me that the server keeps this still somehow in memory.
I enabled the audit-logging: This is what I see there:
dn: cn=agreement1,cn=replica,cn=o\3dbase,cn=mapping tree,cn=config
dn: cn=replica,cn=o\3dbase,cn=mapping tree,cn=config
dn: cn=o\3dbase,cn=mapping tree,cn=config
dn: cn=uniqueid generator,cn=config
Has somebody seen this before?
Hi, I'm trying to set up replication, and was wondering how we can create
self-signed certs? The docs only say to send it to a CA, but not how to do
it yourself. I don't see where the private key is for me to do it from the