Hi, Alexander!

I have ldap1 - FreeIPA (master) and ldap2 - 389DS (slave).
I want one-way replication from ldap1 to ldap2.
On ldap1 I defined the replication user DN, replica and agreement.
On ldap2 I defined the replica only:

filter: (objectclass=nsds5replica)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: (objectclass=nsds5replica)
# requesting: ALL
#

# replica, dc\3Dexample\2Cdc\3Dcom, mapping tree, config
dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: top
objectClass: nsds5replica
objectClass: extensibleObject
cn: replica
nsDS5ReplicaRoot: dc=example,dc=com
nsDS5ReplicaType: 2
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5Flags: 0
nsDS5ReplicaId: 65535
nsState:: //8AAAAAAABY2sZXAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAA==
nsDS5ReplicaName: 06154b02-6f7e11e6-b236be05-3db8a3e8
nsds5ReplicaChangeCount: 0
nsds5replicareapactive: 0

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Do I need to define the replication user DN on ldap2?

2016-09-01 8:57 GMT+03:00 Alexander Bokovoy <aboko...@redhat.com>:

> On Thu, 01 Sep 2016, Andrey Rogovsky wrote:
>
>> Hi, Alexander!
>>
>> Thanks for the fast reply.
>> I have a replication manager object:
>> filter: (objectclass=organizationalPerson)
>> requesting: All userApplication attributes
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=config> with scope subtree
>> # filter: (objectclass=organizationalPerson)
>> # requesting: ALL
>> #
>>
>> # replication manager, config
>> dn: cn=replication manager,cn=config
>> objectClass: inetorgperson
>> objectClass: person
>> objectClass: top
>> objectClass: organizationalPerson
>> cn: replication manager
>> sn: RM
>> userPassword::
>> e1NTSEF9d281RGZOTTlCSEVWTEhxY1lTcGs0WHdjRXplemU4S280S3EwWnc9PQ=
>> =
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>>
>> But the error is present.
>>
> You have two LDAP servers. If you have replication going in both
> directions, you need to have the replication bind entry defined on both
> servers.
>
> If you have replication going in one direction, then the target server
> should have this replication bind entry defined.
>
> Where do you have this entry?
>
>
>
> --
> / Alexander Bokovoy
>
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
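
Added example, not part of the original thread: a Python check of the rule in Alexander's reply, that the server receiving replication must itself hold the entry named in nsDS5ReplicaBindDN. It assumes the input is an ldapsearch dump of cn=config taken from the consumer (ldap2); the sample LDIF is constructed from the entries quoted in the thread, and the function names and the DN comparison (case-insensitive, whitespace-trimmed) are simplifications chosen for this example.

```python
# Added example: does the consumer hold the bind entry its replica refers to?
def parse_ldif(text):
    """Minimal LDIF reader: returns a list of {attr_lower: [values]} dicts."""
    entries, current, last = [], {}, None
    for raw in text.splitlines() + [""]:
        if raw.startswith("#"):                 # ldapsearch comment lines
            continue
        if raw.startswith(" ") and last:        # folded continuation line
            current[last][-1] += raw[1:]
            continue
        if not raw.strip():                     # blank line closes an entry
            if current:
                entries.append(current)
            current, last = {}, None
            continue
        attr, _, value = raw.partition(":")
        last = attr.strip().lower()
        current.setdefault(last, []).append(value.lstrip(": ").strip())
    return entries

def norm_dn(dn):
    # Simplified DN comparison: lower-case, no spaces around commas.
    return ",".join(part.strip() for part in dn.lower().split(","))

def missing_bind_dns(ldif_text):
    """Bind DNs named by nsds5replica entries that are absent from the dump."""
    entries = [e for e in parse_ldif(ldif_text) if "dn" in e]
    present = {norm_dn(e["dn"][0]) for e in entries}
    return [bind for e in entries
            if "nsds5replica" in (v.lower() for v in e.get("objectclass", []))
            for bind in e.get("nsds5replicabinddn", [])
            if norm_dn(bind) not in present]

# Constructed sample: replica entry as a consumer would show it.
CONSUMER_REPLICA = """\
dn: cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config
objectClass: nsds5replica
nsDS5ReplicaType: 2
nsDS5ReplicaBindDN: cn=replication manager,cn=config
"""
# Constructed sample: the bind entry, as it would appear once created.
BIND_ENTRY = """
dn: cn=Replication Manager,cn=config
objectClass: person
cn: replication manager
"""

if __name__ == "__main__":
    print(missing_bind_dns(CONSUMER_REPLICA))
    print(missing_bind_dns(CONSUMER_REPLICA + BIND_ENTRY))
```

A non-empty result lists bind DNs that the supplier would try to authenticate as but that do not exist on the consumer.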