On Thu, 01 Sep 2016, Andrey Rogovsky wrote:
Hi, Alexander!

I have ldap1 - FreeIPA (master) and ldap2 - 389DS (slave)
I want a one-way replica from ldap1 to ldap2
On ldap1 I defined the DN replication user, replica and agreement
On ldap2 I defined the replica only:
This is what you are doing wrong. Your ldap1 server will attempt to
connect to ldap2 server using the replication user credentials. It is
ldap2 which will be authenticating this request. Where would it take
information about the replication user?

filter: (objectclass=nsds5replica)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: (objectclass=nsds5replica)
# requesting: ALL
#

# replica, dc\3Dexample\2Cdc\3Dcom, mapping tree, config
dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: top
objectClass: nsds5replica
objectClass: extensibleObject
cn: replica
nsDS5ReplicaRoot: dc=example,dc=com
nsDS5ReplicaType: 2
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5Flags: 0
nsDS5ReplicaId: 65535
nsState:: //8AAAAAAABY2sZXAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAA==
nsDS5ReplicaName: 06154b02-6f7e11e6-b236be05-3db8a3e8
nsds5ReplicaChangeCount: 0
nsds5replicareapactive: 0

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Do I need to define the DN replication user on ldap2?


2016-09-01 8:57 GMT+03:00 Alexander Bokovoy <aboko...@redhat.com>:

On Thu, 01 Sep 2016, Andrey Rogovsky wrote:

Hi, Alexander!

Thanks for the fast reply.
I have replication manager object:
filter: (objectclass=organizationalPerson)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: (objectclass=organizationalPerson)
# requesting: ALL
#

# replication manager, config
dn: cn=replication manager,cn=config
objectClass: inetorgperson
objectClass: person
objectClass: top
objectClass: organizationalPerson
cn: replication manager
sn: RM
userPassword::
e1NTSEF9d281RGZOTTlCSEVWTEhxY1lTcGs0WHdjRXplemU4S280S3EwWnc9PQ=
=

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

But the error is present.

You have two LDAP servers. If you have replication going in both
directions, you need to have the replication bind entry defined on both
servers.

If you have replication going in one direction, then the target server
should have this replication bind entry defined.

Where do you have this entry?



--
/ Alexander Bokovoy


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project


--
/ Alexander Bokovoy
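
The check discussed in this thread, as an added example that is not part of the original messages: given an LDIF export of the consumer's cn=config, confirm that the DN named in nsDS5ReplicaBindDN exists on that same server and carries a password. It assumes password-based simple bind; the function names, the simplified DN comparison and the sample LDIF (with a placeholder password value) are constructed for illustration.

```python
import base64

# Constructed sample of the consumer's (ldap2) cn=config, modelled on the entries
# in this thread. The userPassword value is a placeholder, not a real hash.
CONSUMER_LDIF = r"""dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: nsds5replica
nsDS5ReplicaBindDN: cn=replication manager,cn=config

dn: cn=Replication Manager,cn=config
objectClass: inetorgperson
userPassword:: e1NTSEF9cGxhY2Vob2xk
 ZXI=
"""

def norm_dn(dn):
    # Simplified DN comparison (assumption): case-insensitive, ignores spaces after commas.
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_ldif(text):
    """Return {normalized dn: {lowercased attr: [values]}} from LDIF text."""
    entries = {}
    # A line starting with a single space continues the previous line.
    for block in text.replace("\n ", "").split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: ..." marks a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def check_consumer(ldif_text):
    """List reasons the consumer could not authenticate the supplier's simple bind."""
    entries = parse_ldif(ldif_text)
    problems = []
    for attrs in entries.values():
        if "nsds5replica" not in [v.lower() for v in attrs.get("objectclass", [])]:
            continue
        for bind_dn in attrs.get("nsds5replicabinddn", []):
            target = entries.get(norm_dn(bind_dn))
            if target is None:
                problems.append(f"bind entry missing on consumer: {bind_dn}")
            elif not any(target.get("userpassword", [])):
                problems.append(f"bind entry has no userPassword: {bind_dn}")
    return problems
```

Calling `check_consumer()` on an export that contains only the replica entry reports the bind entry as missing on the consumer.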
