Re: [Freeipa-users] Command-line replication is not works in FreeIPA-Master

2016-09-01 Thread Andrey Rogovsky
Hi, Alexander!
Thanks for your reply.

I read your link, but it is not related to my issue. I will start a new thread,
because the replica problem is resolved.


2016-09-01 11:10 GMT+03:00 Alexander Bokovoy :

> On Thu, 01 Sep 2016, Andrey Rogovsky wrote:
>
>> Hi, Alexander!
>>
>> Thank you very much for the help. Now I am able to start the replica, but have one
>> issue - the schema is not replicated:
>>
>> [01/Sep/2016:07:04:53 +] NSMMReplicationPlugin - Warning: unable to
>> replicate schema to host ldap2, port 389. Continuing with total update
>> session.
>> [01/Sep/2016:07:04:53 +] NSMMReplicationPlugin - Beginning total
>> update
>> of replica "agmt="cn=ExampleAgreement" (ldap2:389)".
>> [01/Sep/2016:07:04:53 +] NSMMReplicationPlugin - Need to create
>> replication keep alive entry 

Re: [Freeipa-users] Command-line replication is not works in FreeIPA-Master

2016-09-01 Thread Alexander Bokovoy

On Thu, 01 Sep 2016, Andrey Rogovsky wrote:

Hi, Alexander!

Thank you very much for the help. Now I am able to start the replica, but have one
issue - the schema is not replicated:

[01/Sep/2016:07:04:53 +] NSMMReplicationPlugin - Warning: unable to
replicate schema to host ldap2, port 389. Continuing with total update
session.
[01/Sep/2016:07:04:53 +] NSMMReplicationPlugin - Beginning total update
of replica "agmt="cn=ExampleAgreement" (ldap2:389)".
[01/Sep/2016:07:04:53 +] NSMMReplicationPlugin - Need to create
replication keep alive entry 

Re: [Freeipa-users] Command-line replication is not works in FreeIPA-Master

2016-09-01 Thread Andrey Rogovsky
Hi, Alexander!

Thank you very much for the help. Now I am able to start the replica, but have one
issue - the schema is not replicated:

[01/Sep/2016:07:04:53 +] NSMMReplicationPlugin - Warning: unable to
replicate schema to host ldap2, port 389. Continuing with total update
session.
[01/Sep/2016:07:04:53 +] NSMMReplicationPlugin - Beginning total update
of replica "agmt="cn=ExampleAgreement" (ldap2:389)".
[01/Sep/2016:07:04:53 +] NSMMReplicationPlugin - Need to create
replication keep alive entry 

Re: [Freeipa-users] Command-line replication is not works in FreeIPA-Master

2016-09-01 Thread Alexander Bokovoy

On Thu, 01 Sep 2016, Andrey Rogovsky wrote:

Hi, Alexander!

I have ldap1 - FreeIPA (master) and ldap2 - 389DS (slave)
I want a one-way replica from ldap1 to ldap2
On ldap1 I defined the replication user DN, replica and agreement
On ldap2 I defined the replica only:

This is what you are doing wrong. Your ldap1 server will attempt to
connect to ldap2 server using the replication user credentials. It is
ldap2 which will be authenticating this request. Where would it take
information about the replication user?


filter: (objectclass=nsds5replica)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base 

Re: [Freeipa-users] Command-line replication is not works in FreeIPA-Master

2016-09-01 Thread Andrey Rogovsky
Hi, Alexander!

I have ldap1 - FreeIPA (master) and ldap2 - 389DS (slave)
I want a one-way replica from ldap1 to ldap2
On ldap1 I defined the replication user DN, replica and agreement
On ldap2 I defined the replica only:
filter: (objectclass=nsds5replica)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base 

Re: [Freeipa-users] Command-line replication is not works in FreeIPA-Master

2016-09-01 Thread Alexander Bokovoy

On Thu, 01 Sep 2016, Andrey Rogovsky wrote:

Hi, Alexander!

Thanks for the fast reply.
I have replication manager object:
filter: (objectclass=organizationalPerson)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base 

Re: [Freeipa-users] Command-line replication is not works in FreeIPA-Master

2016-08-31 Thread Andrey Rogovsky
Hi, Alexander!

Thanks for the fast reply.
I have replication manager object:
filter: (objectclass=organizationalPerson)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base 

Re: [Freeipa-users] Command-line replication is not works in FreeIPA-Master

2016-08-31 Thread Alexander Bokovoy

On Thu, 01 Sep 2016, Andrey Rogovsky wrote:

Hi!
Thanks for your advice!
I'm trying to start the replica and get these errors in the log:
[01/Sep/2016:03:24:23 +] slapi_ldap_bind - Error: could not bind id
[cn=replication manager,cn=config] authentication mechanism [SIMPLE]: error
32 (No such object) errno 0 (Success)
[01/Sep/2016:03:24:23 +] NSMMReplicationPlugin -
agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth
failed: LDAP error 32 (No such object) ()

You've been told already that you should have replication manager object
created at both sides. Your 'cn=replication manager,cn=config' does not
exist at the replica.

You should read RHDS Administration Guide, at least the part about
supplier bind DN entry, but preferably the whole chapter it is part of:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html




This is my current replica:
filter: (objectclass=nsds5replica)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base 
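
An added example, not part of the original thread: a small Python triage of the supplier error-log lines quoted above. It pairs each `slapi_ldap_bind` failure with the agreement it belongs to and says which side to fix; the function name `triage`, the advice strings and the constructed sample lines are this example's assumptions.

```python
import re

# Advice text is this example's wording, keyed by standard LDAP result codes.
ADVICE = {
    32: "bind DN entry is missing on the consumer: create it there",
    49: "bind DN exists on the consumer but the credentials do not match",
}
BIND_RE = re.compile(
    r"slapi_ldap_bind - Error: could not bind id \[(?P<dn>[^\]]*)\] "
    r"authentication mechanism \[[^\]]*\]: error (?P<code>-?\d+)")
AGMT_RE = re.compile(
    r'NSMMReplicationPlugin - agmt="(?P<agmt>[^"]+)" '
    r"\((?P<host>[^:)]+):(?P<port>\d+)\): Replication bind with "
    r"\S+ auth failed: LDAP error (?P<code>-?\d+)")

def triage(lines):
    """Pair each failed replication bind with the DN the supplier used."""
    findings, pending = [], None
    for line in lines:
        bind = BIND_RE.search(line)
        if bind:
            pending = (bind["dn"], int(bind["code"]))
            continue
        agmt = AGMT_RE.search(line)
        if not agmt:
            continue
        code = int(agmt["code"])
        # Only trust the remembered DN if it failed with the same result code.
        dn = pending[0] if pending and pending[1] == code else None
        pending = None
        findings.append({
            "agreement": agmt["agmt"],
            "consumer": f'{agmt["host"]}:{agmt["port"]}',
            "bind_dn": dn, "code": code,
            "advice": ADVICE.get(code, "check the consumer's access log"),
        })
    return findings

# Lines 1-3 are from the thread (mail wraps joined); line 4 is constructed.
SAMPLE = [
    "[01/Sep/2016:03:24:23 +] slapi_ldap_bind - Error: could not bind id "
    "[cn=replication manager,cn=config] authentication mechanism [SIMPLE]: "
    "error 32 (No such object) errno 0 (Success)",
    '[01/Sep/2016:03:24:23 +] NSMMReplicationPlugin - agmt="cn=ExampleAgreement" '
    "(ldap2:389): Replication bind with SIMPLE auth failed: LDAP error 32 (No such object) ()",
    "[01/Sep/2016:07:04:53 +] NSMMReplicationPlugin - Beginning total update "
    'of replica "agmt="cn=ExampleAgreement" (ldap2:389)".',
    '[01/Sep/2016:08:00:00 +] NSMMReplicationPlugin - agmt="cn=ExampleAgreement" '
    "(ldap2:389): Replication bind with SIMPLE auth failed: LDAP error 49 (Invalid credentials) ()",
]
```
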

Re: [Freeipa-users] Command-line replication is not works in FreeIPA-Master

2016-08-31 Thread Andrey Rogovsky
Hi!
Thanks for your advice!
I'm trying to start the replica and get these errors in the log:
[01/Sep/2016:03:24:23 +] slapi_ldap_bind - Error: could not bind id
[cn=replication manager,cn=config] authentication mechanism [SIMPLE]: error
32 (No such object) errno 0 (Success)
[01/Sep/2016:03:24:23 +] NSMMReplicationPlugin -
agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth
failed: LDAP error 32 (No such object) ()

This is my current replica:
filter: (objectclass=nsds5replica)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base 

Re: [Freeipa-users] Command-line replication is not works in FreeIPA-Master

2016-08-31 Thread Andrey Rogovsky
Hi, Mark!

Thanks for the explanation. Now I have created the replication manager (I hope):
[root@ldap1 ~]# ldapsearch -h ldap1.example.com -p 389 -xLLL -D
"cn=directory manager" -W -b cn=config "cn=replication manager"
Enter LDAP Password:
dn: cn=replication manager,cn=config
objectClass: inetorgperson
objectClass: person
objectClass: top
objectClass: organizationalPerson
cn: replication manager
sn: RM
userPassword::
e1NTSEF9N1JiRmNXWTFXNDA1cmdYSUdCNWJtV3RzOElNQXBhakhXam94WlE9PQ=
 =

What is next? I use the manual from version 8 and it is a bit obsolete.


2016-08-31 19:30 GMT+03:00 Mark Reynolds :

> Hi Andrey,
>
> It looks like you still did not create the replication manager entry.
> You must create that manager entry on the standalone server.  Please read
> the link I sent you:
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html
>
> You can verify its existence by doing this search against the standalone
> server:
>
> ldapsearch -h ldap1.example.com -p 389 -xLLL -D "cn=directory manager" -W
> -b cn=config "cn=replication manager"
>
> Mark
>
>
> On 08/31/2016 11:50 AM, Andrey Rogovsky wrote:
>
> Hi!
> Thank you for the fast reply.
> Yes, I want to use a standalone 389DS as a replica of FreeIPA.
> Here is my replica:
> filter: (objectclass=nsds5replica)
> requesting: All userApplication attributes
> # extended LDIF
> #
> # LDAPv3
> # base 

Re: [Freeipa-users] Command-line replication is not works in FreeIPA-Master

2016-08-31 Thread Mark Reynolds
Hi Andrey,

It looks like you still did not create the replication manager entry.  
You must create that manager entry on the standalone server.  Please
read the link I sent you:

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html


You can verify its existence by doing this search against the standalone
server:

ldapsearch -h ldap1.example.com  -p 389 -xLLL
-D "cn=directory manager" -W -b cn=config "cn=replication manager"

Mark


On 08/31/2016 11:50 AM, Andrey Rogovsky wrote:
> Hi!
> Thank you for the fast reply.
> Yes, I want to use a standalone 389DS as a replica of FreeIPA.
> Here is my replica:
> filter: (objectclass=nsds5replica)
> requesting: All userApplication attributes
> # extended LDIF
> #
> # LDAPv3
> # base 

Re: [Freeipa-users] Command-line replication is not works in FreeIPA-Master

2016-08-31 Thread Andrey Rogovsky
Hi!
Thank you for the fast reply.
Yes, I want to use a standalone 389DS as a replica of FreeIPA.
Here is my replica:
filter: (objectclass=nsds5replica)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base 

Re: [Freeipa-users] Command-line replication is not works in FreeIPA-Master

2016-08-31 Thread Mark Reynolds


On 08/31/2016 09:50 AM, Andrey Rogovsky wrote:
> Hi!
>
> I am trying to configure a manual replica from FreeIPA DS to 389 DS.
> I have two VMs: ldap1.example.com and ldap2.example.com
> I used this manual
> https://www.centos.org/docs/5/html/CDS/ag/8.0/Managing_Replication-Configuring-Replication-cmd.html
> to configure the replica
>
> There was a replica agreement before starting:
>
> # extended LDIF
> #
> # LDAPv3
> # base 

[Freeipa-users] Command-line replication is not works in FreeIPA-Master

2016-08-31 Thread Andrey Rogovsky
Hi!

I am trying to configure a manual replica from FreeIPA DS to 389 DS.
I have two VMs: ldap1.example.com and ldap2.example.com
I used this manual
https://www.centos.org/docs/5/html/CDS/ag/8.0/Managing_Replication-Configuring-Replication-cmd.html
to configure the replica

There was a replica agreement before starting:

# extended LDIF
#
# LDAPv3
# base