Hi Andrey,

It looks like you still did not create the replication manager entry.  
You must create that manager entry on the standalone server.  Please
read the link I sent you:

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html
<https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html>

You can verify its existence by doing this search against the standalone
server:

ldapsearch -h ldap1.example.com <http://ldap1.example.com> -p 389 -xLLL
-D "cn=directory manager" -W -b cn=config "cn=replication manager"

Mark


On 08/31/2016 11:50 AM, Andrey Rogovsky wrote:
> Hi!
> Thank you for fast reply.
> Yes, I want use standalone 389DS to replica from FreeIPA.
> There is my replica:
> filter: (objectclass=nsds5replica)
> requesting: All userApplication attributes
> # extended LDIF
> #
> # LDAPv3
> # base <cn=config> with scope subtree
> # filter: (objectclass=nsds5replica)
> # requesting: ALL
> #
>
> # replica, dc\3Dexample\2Cdc\3Dcom, mapping tree, config
> dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
> objectClass: top
> objectClass: nsds5replica
> objectClass: extensibleObject
> cn: replica
> nsDS5ReplicaRoot: dc=example,dc=com
> nsDS5ReplicaId: 7
> nsDS5ReplicaType: 3
> nsDS5Flags: 1
> nsds5ReplicaPurgeDelay: 604800
> nsDS5ReplicaBindDN: cn=replication manager,cn=config
> nsState:: BwAAAAAAAABZ98ZXAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAA==
> nsDS5ReplicaName: 496dba82-6f7a11e6-9d5ba359-5196ffe4
> nsds5ReplicaChangeCount: 22
> nsds5replicareapactive: 0
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> So, my replica have entry "cn=replication manager"
>
> But I try add entry in agreement. Unforthunalty this is not help,
> error is present:
> [root@ldap1 ~]# ldapmodify  -v -h ldap1.example.com
> <http://ldap1.example.com> -p 389 -D "cn=directory manager" -w ...
> ldap_initialize( ldap://ldap1.example.com:389
> <http://ldap1.example.com:389> )
> dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config
> changetype: modify
> replace: nsds5ReplicaBindDN
> nsds5ReplicaBindDN: cn=replication manager,cn=config
> replace nsds5ReplicaBindDN:
>         cn=replication manager,cn=config
> modifying entry
> "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config"
> modify complete
>
> [root@ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
> [31/Aug/2016:11:11:09 +0000] schema-compat-plugin -
> schema-compat-plugin tree scan will start in about 5 seconds!
> [31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on All
> Interfaces port 389 for LDAP requests
> [31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636
> for LDAPS requests
> [31/Aug/2016:11:11:09 +0000] - Listening on
> /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
> [31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no
> entries set up under ou=sudoers,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no
> entries set up under cn=ng, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no
> entries set up under cn=computers, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin
> initialization.
> [31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind
> id [cn=replication manager] authentication mechanism [SIMPLE]: error
> 32 (No such object) errno 0 (Success)
> [31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
> agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE
> auth failed: LDAP error 32 (No such object) ()
> ^C
> [root@ldap1 ~]# ldapmodify  -v -h ldap1.example.com
> <http://ldap1.example.com> -p 389 -D "cn=directory manager" -w ...
> ldap_initialize( ldap://ldap1.example.com:389
> <http://ldap1.example.com:389> )
> dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config
> changetype: modify
> replace: nsds5beginreplicarefresh
> nsds5beginreplicarefresh: start
> replace nsds5beginreplicarefresh:
>         start
> modifying entry
> "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config"
> modify complete
>
> [root@ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
> [31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on All
> Interfaces port 389 for LDAP requests
> [31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636
> for LDAPS requests
> [31/Aug/2016:11:11:09 +0000] - Listening on
> /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
> [31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no
> entries set up under ou=sudoers,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no
> entries set up under cn=ng, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no
> entries set up under cn=computers, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin
> initialization.
> [31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind
> id [cn=replication manager] authentication mechanism [SIMPLE]: error
> 32 (No such object) errno 0 (Success)
> [31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
> agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE
> auth failed: LDAP error 32 (No such object) ()
> [31/Aug/2016:15:48:36 +0000] slapi_ldap_bind - Error: could not bind
> id [cn=replication manager,cn=config] authentication mechanism
> [SIMPLE]: error 32 (No such object) errno 0 (Success)
> ^C
> [root@ldap1 ~]# 
>
>
> 2016-08-31 18:15 GMT+03:00 Mark Reynolds <marey...@redhat.com
> <mailto:marey...@redhat.com>>:
>
>
>
>     On 08/31/2016 09:50 AM, Andrey Rogovsky wrote:
>>     Hi!
>>
>>     I try configure manual replica from FreeIPA DS to 389 DS.
>>     I have two VM: ldap1.example.com <http://ldap1.example.com> and
>>     ldap2.example.com <http://ldap2.example.com>
>>     I was used this
>>     manual 
>> https://www.centos.org/docs/5/html/CDS/ag/8.0/Managing_Replication-Configuring-Replication-cmd.html
>>     
>> <https://www.centos.org/docs/5/html/CDS/ag/8.0/Managing_Replication-Configuring-Replication-cmd.html>
>>     for configure relica
>>
>>     There was replica agreement before starting:
>>
>>     # extended LDIF
>>     #
>>     # LDAPv3
>>     # base <cn=config> with scope subtree
>>     # filter: (objectclass=nsds5ReplicationAgreement)
>>     # requesting: ALL
>>     #
>>
>>     # ExampleAgreement, replica, dc\3Dexample\2Cdc\3Dcom, mapping
>>     tree, config
>>     dn:
>>     cn=ExampleAgreement,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping
>>     tree,
>>      cn=config
>>     objectClass: top
>>     objectClass: nsds5replicationagreement
>>     cn: ExampleAgreement
>>     nsDS5ReplicaHost: ldap2
>>     nsDS5ReplicaPort: 389
>>     nsDS5ReplicaBindDN: cn=replication manager
>>     nsDS5ReplicaBindMethod: SIMPLE
>>     nsDS5ReplicaRoot: dc=example,dc=com
>>     description: agreement between supplier1 and consumer1
>>     nsDS5ReplicaUpdateSchedule: 0000-0500 1
>>     nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE
>>     authorityRevocationLis
>>      t
>>     nsDS5ReplicaCredentials:
>>     {AES-TUhNR0NTcUdTSWIzRFFFRkRUQm1NRVVHQ1NxR1NJYjNEUUVG
>>      
>> RERBNEJDUmxPVFl4TlRsbU5DMWtaV0UyTXpZeA0KTVMxaU1UYzFaREF3Wmkwek5qRmxNalkxWkFBQ
>>      
>> 0FRSUNBU0F3Q2dZSUtvWklodmNOQWdjd0hRWUpZSVpJQVdVRA0KQkFFcUJCQUVJckpINmE0S3RFYl
>>      NhLzkxL01qZg==}Wo+c0XfBnaDhg/a36yguXg==
>>     nsds5replicareapactive: 0
>>     nsds5replicaLastUpdateStart: 19700101000000Z
>>     nsds5replicaLastUpdateEnd: 19700101000000Z
>>     nsds5replicaChangesSentSinceStartup:
>>     nsds5replicaLastUpdateStatus: 0 No replication sessions started
>>     since server s
>>      tartup
>>     nsds5replicaUpdateInProgress: FALSE
>>     nsds5replicaLastInitStart: 19700101000000Z
>>     nsds5replicaLastInitEnd: 19700101000000Z
>>
>>     # search result
>>     search: 2
>>     result: 0 Success
>>
>>     # numResponses: 2
>>     # numEntries: 
>>
>>
>>     There is errors which I get when start replica:
>>
>>
>>     [root@ldap1 ~]# ldapmodify  -v -h ldap1.example.com
>>     <http://ldap1.example.com> -p 389 -D "cn=directory manager" -w ...
>>     ldap_initialize( ldap://ldap1.example.com:389
>>     <http://ldap1.example.com:389> )
>>     dn:
>>     cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
>>     tree,cn=config
>>     changetype: modify
>>     replace: nsds5beginreplicarefresh
>>     nsds5beginreplicarefresh: start
>>     replace nsds5beginreplicarefresh:
>>             start
>>     modifying entry
>>     "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
>>     tree,cn=config"
>>     modify complete
>>
>>     [root@ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
>>     [31/Aug/2016:11:11:09 +0000] schema-compat-plugin -
>>     schema-compat-plugin tree scan will start in about 5 seconds!
>>     [31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on All
>>     Interfaces port 389 for LDAP requests
>>     [31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port
>>     636 for LDAPS requests
>>     [31/Aug/2016:11:11:09 +0000] - Listening on
>>     /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
>>     [31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no
>>     entries set up under ou=sudoers,dc=example,dc=com
>>     [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no
>>     entries set up under cn=ng, cn=compat,dc=example,dc=com
>>     [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no
>>     entries set up under cn=computers, cn=compat,dc=example,dc=com
>>     [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished
>>     plugin initialization.
>>     [31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not
>>     bind id [cn=replication manager] authentication mechanism
>>     [SIMPLE]: error 32 (No such object) errno 0 (Success)
>>     [31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
>>     agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with
>>     SIMPLE auth failed: LDAP error 32 (No such object) ()
>>     ^C
>     I'm assuming this is just a standalone 389 Directory Server you
>     are trying to replicate to(not a freeIPA installation).  If it is
>     a freeipa installation, then you should use the freeipa CLI for
>     setting up replication.
>
>     The error 32 (no such object) you are getting is because the
>     replica does not have an entry "cn=replication manager".  Looking
>     at the replication agreement:
>
>     nsDS5ReplicaBindDN: cn=replication manager
>
>     This is not a valid DN as there is no base suffix:  For example, I
>     would expect to see something like "cn=replication manager,cn=config"
>
>     
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html
>     
> <https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html>
>
>     Regards,
>     Mark
>>
>>     Please help me fix this
>>
>>
>>
>>
>
>
>
>

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to