Guys, I found the problem and don't know how to solve it. DNs which have ACLs on them (administrativerole, accesscontrolsubentry) don't replicate attributes even when I grant everything for everyone. When I remove the ACLs, everything works. I tested this on both master and slave clear servers, just added a new partition, DN and ACL on it. I suppose this is not intended. Maybe it's a bug?

On 05/10/2012 01:01 PM, Kiran Ayyagari wrote:
> try with a clean slave and see if you get the same error (it shouldn't
> happen, report here otherwise will take a look)
>
> On Thu, May 10, 2012 at 4:28 PM, houmles <houm...@gmail.com> wrote:
>> maybe, but I really don't remember, I did a lot of experiments to get full
>> replication working
>>
>> On 05/10/2012 12:46 PM, Kiran Ayyagari wrote:
>>> did you, by any chance, modify the password of the user in slave to the same
>>> value that is being replicated later?
>>>
>>> On Thu, May 10, 2012 at 4:01 PM, houmles <houm...@gmail.com> wrote:
>>>> I have only 2 test users on that ldap, I am in testing phase before
>>>> deploying to live so definitely no one is changing passwords.
>>>> this error pops up at the same time as I changed the value and slave
>>>> tried to sync.
>>>>
>>>> On 05/10/2012 12:26 PM, Kiran Ayyagari wrote:
>>>>> this error is not related to replication, it is a password policy related
>>>>> error
>>>>> some user is trying to change the password but is giving a value that he
>>>>> has
>>>>> used earlier as password.
>>>>>
>>>>>
>>>>> On Thu, May 10, 2012 at 3:53 PM, houmles <houm...@gmail.com> wrote:
>>>>>> This error shows on slave server. It happens only when I tried to modify
>>>>>> any attribute. DN syncing works and doesn't have any errors.
>>>>>>
>>>>>> jvm 1 | [12:18:39] ERROR
>>>>>> [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
>>>>>> - invalid reuse of password present in password history
>>>>>> jvm 1 |
>>>>>> org.apache.directory.shared.ldap.model.exception.LdapOperationException:
>>>>>> invalid reuse of password present in password history
>>>>>> jvm 1 | at
>>>>>> org.apache.directory.server.core.authn.AuthenticationInterceptor.modify(AuthenticationInterceptor.java:956)
>>>>>> jvm 1 | at
>>>>>> org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:599)
>>>>>> jvm 1 | at
>>>>>> org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:248)
>>>>>> jvm 1 | at
>>>>>> org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:660)
>>>>>> jvm 1 | at
>>>>>> org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:590)
>>>>>> jvm 1 | at
>>>>>> org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:564)
>>>>>> jvm 1 | at
>>>>>> org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.modify(ReplicationConsumerImpl.java:985)
>>>>>> jvm 1 | at
>>>>>> org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.handleSearchResult(ReplicationConsumerImpl.java:361)
>>>>>> jvm 1 | at
>>>>>> org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.doSyncSearch(ReplicationConsumerImpl.java:618)
>>>>>> jvm 1 | at
>>>>>> org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.startSync(ReplicationConsumerImpl.java:505)
>>>>>> jvm 1 | at
>>>>>> org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.start(ReplicationConsumerImpl.java:548)
>>>>>> jvm 1 | at
>>>>>> org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:660)
>>>>>> jvm 1 | at java.lang.Thread.run(Thread.java:722)
>>>>>>
>>>>>> On 05/10/2012 11:23 AM, Kiran Ayyagari wrote:
>>>>>>> this looks valid, do you have any error logs?
>>>>>>>
>>>>>>> On Thu, May 10, 2012 at 2:09 PM, houmles <houm...@gmail.com> wrote:
>>>>>>>> here it is:
>>>>>>>>
>>>>>>>> dn:
>>>>>>>> ads-replconsumerid=1,ou=replConsumers,ads-serverId=ldapServer,ou=servers
>>>>>>>> ,ads-directoryServiceId=default,ou=config
>>>>>>>> objectclass: top
>>>>>>>> objectclass: ads-base
>>>>>>>> objectclass: ads-replConsumer
>>>>>>>> ads-replaliasderefmode: never
>>>>>>>> ads-replattributes: *
>>>>>>>> ads-replconsumerid: 1
>>>>>>>> ads-replprovhostname: x.x.x.x
>>>>>>>> ads-replprovport: 10389
>>>>>>>> ads-replrefreshinterval: 60000
>>>>>>>> ads-replrefreshnpersist: true
>>>>>>>> ads-replsearchfilter: (objectClass=*)
>>>>>>>> ads-replsearchscope: sub
>>>>>>>> ads-replsearchsizelimit: 0
>>>>>>>> ads-replsearchtimeout: 0
>>>>>>>> ads-repluserdn: uid=admin,ou=system
>>>>>>>> ads-repluserpassword:: xxxxxxxxx
>>>>>>>> ads-searchbasedn: dc=xxx,dc=xx
>>>>>>>> ads-replstrictcertvalidation: false
>>>>>>>> ads-replusetls: false
>>>>>>>>
>>>>>>>> On 05/10/2012 10:29 AM, Kiran Ayyagari wrote:
>>>>>>>>> can you provide the complete entry data with DN
>>>>>>>>>
>>>>>>>>> ads-replConsumerId=<whatever-id-you-have-here>,ou=replConsumers,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
>>>>>>>>>
>>>>>>>>> (remove the server IP and user credentials if they are sensitive)
>>>>>>>>>
>>>>>>>>> On Thu, May 10, 2012 at 1:38 PM, houmles <houm...@gmail.com> wrote:
>>>>>>>>>> oops, forgot to mention 2.0.0-M6
>>>>>>>>>>
>>>>>>>>>> On 05/10/2012 10:00 AM, Emmanuel Lécharny wrote:
>>>>>>>>>>> On 5/10/12 9:48 AM, houmles wrote:
>>>>>>>>>>>> Hi,
>>>>>>>>>>> Hi,
>>>>>>>>>>>> I have one fully working ADS and want to replicate it to another. I
>>>>>>>>>>>> followed some tutorial and managed to replicate it but only just
>>>>>>>>>>>> DNs. I
>>>>>>>>>>>> can't get it to sync the attributes inside.
>>>>>>>>>>>>
>>>>>>>>>>>> My settings are:
>>>>>>>>>>>> ads-replsearchfilter: (objectClass=*)
>>>>>>>>>>>> ads-replsearchscope: sub
>>>>>>>>>>>>
>>>>>>>>>>>> is that ok?
>>>>>>>>>>>> I want to achieve full 1:1 replication.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks
>>>>>>>>>>> Which ADS version are you using?
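
The symptom reported in this thread (entries arrive on the consumer but attribute changes do not) can be confirmed by diffing LDIF exports taken from both servers. The following is an added example, not code from the thread or from ApacheDS; the DNs, attribute values and function names are constructed for illustration.

```python
# Added example: find entries whose DN replicated but whose attribute values
# did not. All DNs and values below are constructed sample data.
OPERATIONAL = {"entrycsn", "entryuuid", "createtimestamp", "modifytimestamp",
               "creatorsname", "modifiersname"}  # maintained per server

def parse_ldif(text):
    """Return {dn: {attr: set(values)}} from LDIF text."""
    entries, current = {}, None
    # RFC 2849 folding: a newline followed by one space continues the line.
    for line in text.replace("\n ", "").splitlines():
        if not line.strip():
            current = None  # a blank line ends the entry
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            # "attr:: b64" keeps its encoded form, which is enough for equality.
            name, value = name.strip().lower(), value.lstrip(":").strip()
            if name == "dn":
                # Simplified DN normalization (ignores escaped commas).
                dn = ",".join(p.strip() for p in value.lower().split(","))
                current = entries.setdefault(dn, {})
            elif current is not None:
                current.setdefault(name, set()).add(value)
    return entries

def replication_gaps(provider, consumer):
    """Map DN -> None if absent on the consumer, else sorted differing attrs."""
    gaps = {}
    for dn, attrs in provider.items():
        have = consumer.get(dn)
        diff = None if have is None else sorted(
            a for a, v in attrs.items() if a not in OPERATIONAL and have.get(a) != v)
        if diff != []:
            gaps[dn] = diff
    return gaps

PROVIDER = """dn: uid=test1,ou=people,dc=example,dc=com
uid: test1
description: changed on provider
entryCSN: 20120510101839.000000Z#000000#001#000000

dn: uid=test2,ou=people,dc=example,dc=com
uid: test2
"""
CONSUMER = """dn: uid=test1,ou=people,
 dc=example,dc=com
uid: test1
description: old value
entryCSN: 20120510091200.000000Z#000000#002#000000
"""
GAPS = replication_gaps(parse_ldif(PROVIDER), parse_ldif(CONSUMER))
```

An entry listed with attribute names exists on both sides with stale values on the consumer, which is the case described above; an entry mapped to `None` never reached the consumer at all.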