On 08/31/2016 09:50 AM, Andrey Rogovsky wrote:
> Hi!
>
> I am trying to configure a manual replica from FreeIPA DS to 389 DS.
> I have two VMs: ldap1.example.com and ldap2.example.com.
> I used this manual
> https://www.centos.org/docs/5/html/CDS/ag/8.0/Managing_Replication-Configuring-Replication-cmd.html
> to configure the replica.
>
> There was a replica agreement before starting:
>
> # extended LDIF
> #
> # LDAPv3
> # base <cn=config> with scope subtree
> # filter: (objectclass=nsds5ReplicationAgreement)
> # requesting: ALL
> #
>
> # ExampleAgreement, replica, dc\3Dexample\2Cdc\3Dcom, mapping tree, config
> dn: cn=ExampleAgreement,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,
>  cn=config
> objectClass: top
> objectClass: nsds5replicationagreement
> cn: ExampleAgreement
> nsDS5ReplicaHost: ldap2
> nsDS5ReplicaPort: 389
> nsDS5ReplicaBindDN: cn=replication manager
> nsDS5ReplicaBindMethod: SIMPLE
> nsDS5ReplicaRoot: dc=example,dc=com
> description: agreement between supplier1 and consumer1
> nsDS5ReplicaUpdateSchedule: 0000-0500 1
> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE authorityRevocationLis
>  t
> nsDS5ReplicaCredentials:
> {AES-TUhNR0NTcUdTSWIzRFFFRkRUQm1NRVVHQ1NxR1NJYjNEUUVG
>  RERBNEJDUmxPVFl4TlRsbU5DMWtaV0UyTXpZeA0KTVMxaU1UYzFaREF3Wmkwek5qRmxNalkxWkFBQ
>  0FRSUNBU0F3Q2dZSUtvWklodmNOQWdjd0hRWUpZSVpJQVdVRA0KQkFFcUJCQUVJckpINmE0S3RFYl
>  NhLzkxL01qZg==}Wo+c0XfBnaDhg/a36yguXg==
> nsds5replicareapactive: 0
> nsds5replicaLastUpdateStart: 19700101000000Z
> nsds5replicaLastUpdateEnd: 19700101000000Z
> nsds5replicaChangesSentSinceStartup:
> nsds5replicaLastUpdateStatus: 0 No replication sessions started since server s
>  tartup
> nsds5replicaUpdateInProgress: FALSE
> nsds5replicaLastInitStart: 19700101000000Z
> nsds5replicaLastInitEnd: 19700101000000Z
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 
>
>
> These are the errors which I get when I start the replica:
>
>
> [root@ldap1 ~]# ldapmodify  -v -h ldap1.example.com -p 389 -D "cn=directory manager" -w ...
> ldap_initialize( ldap://ldap1.example.com:389 )
> dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config
> changetype: modify
> replace: nsds5beginreplicarefresh
> nsds5beginreplicarefresh: start
> replace nsds5beginreplicarefresh:
>         start
> modifying entry
> "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config"
> modify complete
>
> [root@ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
> [31/Aug/2016:11:11:09 +0000] schema-compat-plugin -
> schema-compat-plugin tree scan will start in about 5 seconds!
> [31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on All
> Interfaces port 389 for LDAP requests
> [31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636
> for LDAPS requests
> [31/Aug/2016:11:11:09 +0000] - Listening on
> /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
> [31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no
> entries set up under ou=sudoers,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no
> entries set up under cn=ng, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no
> entries set up under cn=computers, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin
> initialization.
> [31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind
> id [cn=replication manager] authentication mechanism [SIMPLE]: error
> 32 (No such object) errno 0 (Success)
> [31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
> agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE
> auth failed: LDAP error 32 (No such object) ()
> ^C
I'm assuming this is just a standalone 389 Directory Server you are
trying to replicate to (not a FreeIPA installation).  If it is a FreeIPA
installation, then you should use the FreeIPA CLI for setting up
replication.

The error 32 (no such object) you are getting is because the replica
does not have an entry "cn=replication manager".  Looking at the
replication agreement:

nsDS5ReplicaBindDN: cn=replication manager

This is not a valid DN as there is no base suffix.  For example, I would
expect to see something like "cn=replication manager,cn=config".

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html

Regards,
Mark
>
> Please help me fix this
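
The diagnosis in the reply above, as an added example that is not part of the original thread: a small Python check that unfolds a replication agreement LDIF, flags a suffix-less nsDS5ReplicaBindDN, and correlates it with error 32 bind failures in the supplier's errors log. The sample inputs are constructed from lines quoted in the thread; the function names and the "fewer than two RDNs" rule are assumptions made for this illustration.

```python
import re

# Constructed sample: agreement attributes quoted in the thread, LDIF-folded.
AGREEMENT_LDIF = r"""
dn: cn=ExampleAgreement,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,
 cn=config
cn: ExampleAgreement
nsDS5ReplicaHost: ldap2
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=replication manager
nsDS5ReplicaBindMethod: SIMPLE
"""

# Constructed sample: the two failure lines from the quoted errors log.
ERROR_LOG = """
[31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind id [cn=replication manager] authentication mechanism [SIMPLE]: error 32 (No such object) errno 0 (Success)
[31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin - agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth failed: LDAP error 32 (No such object) ()
"""

BIND_FAIL = re.compile(
    r"could not bind id \[(?P<dn>[^\]]*)\].*?error (?P<code>\d+) \((?P<text>[^)]*)\)")

def parse_ldif_entry(text):
    """Unfold LDIF continuation lines (newline + space); return {attr: [values]}."""
    entry = {}
    for line in re.sub(r"\n ", "", text).splitlines():
        if not line or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def rdn_count(dn):
    """Count RDNs, splitting only on commas that are not backslash-escaped."""
    return len([p for p in re.split(r"(?<!\\),", dn) if p.strip()])

def diagnose(agreement_ldif, error_log):
    """Return findings about the bind DN the supplier presents to the consumer."""
    entry = parse_ldif_entry(agreement_ldif)
    bind_dn = entry["nsds5replicabinddn"][0]
    host = entry["nsds5replicahost"][0]
    findings = []
    if rdn_count(bind_dn) < 2:  # assumption: a usable bind DN carries a suffix
        findings.append(f"bind DN '{bind_dn}' has no suffix (expected e.g. ',cn=config')")
    for m in BIND_FAIL.finditer(error_log):
        if m["dn"].lower() == bind_dn.lower() and m["code"] == "32":
            findings.append(f"consumer {host} has no entry '{bind_dn}' ({m['text']})")
    return findings

if __name__ == "__main__":
    for finding in diagnose(AGREEMENT_LDIF, ERROR_LOG):
        print(finding)
```
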