Hi!
Thank you for the fast reply.
Yes, I want to use a standalone 389DS to replicate from FreeIPA.
Here is my replica:

filter: (objectclass=nsds5replica)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: (objectclass=nsds5replica)
# requesting: ALL
#

# replica, dc\3Dexample\2Cdc\3Dcom, mapping tree, config
dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: top
objectClass: nsds5replica
objectClass: extensibleObject
cn: replica
nsDS5ReplicaRoot: dc=example,dc=com
nsDS5ReplicaId: 7
nsDS5ReplicaType: 3
nsDS5Flags: 1
nsds5ReplicaPurgeDelay: 604800
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsState:: BwAAAAAAAABZ98ZXAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAA==
nsDS5ReplicaName: 496dba82-6f7a11e6-9d5ba359-5196ffe4
nsds5ReplicaChangeCount: 22
nsds5replicareapactive: 0

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

So, my replica has the entry "cn=replication manager".
But I tried adding the entry to the agreement. Unfortunately, this did not help; the error is present:

[root@ldap1 ~]# ldapmodify -v -h ldap1.example.com -p 389 -D "cn=directory manager" -w ...
ldap_initialize( ldap://ldap1.example.com:389 )
dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: modify
replace: nsds5ReplicaBindDN
nsds5ReplicaBindDN: cn=replication manager,cn=config

replace nsds5ReplicaBindDN:
	cn=replication manager,cn=config
modifying entry "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config"
modify complete

[root@ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
[31/Aug/2016:11:11:09 +0000] schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds!
[31/Aug/2016:11:11:09 +0000] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636 for LDAPS requests
[31/Aug/2016:11:11:09 +0000] - Listening on /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
[31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin initialization.
[31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind id [cn=replication manager] authentication mechanism [SIMPLE]: error 32 (No such object) errno 0 (Success)
[31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin - agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth failed: LDAP error 32 (No such object) ()
^C

[root@ldap1 ~]# ldapmodify -v -h ldap1.example.com -p 389 -D "cn=directory manager" -w ...
ldap_initialize( ldap://ldap1.example.com:389 )
dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: modify
replace: nsds5beginreplicarefresh
nsds5beginreplicarefresh: start

replace nsds5beginreplicarefresh:
	start
modifying entry "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config"
modify complete

[root@ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
[31/Aug/2016:11:11:09 +0000] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636 for LDAPS requests
[31/Aug/2016:11:11:09 +0000] - Listening on /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
[31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin initialization.
[31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind id [cn=replication manager] authentication mechanism [SIMPLE]: error 32 (No such object) errno 0 (Success)
[31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin - agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth failed: LDAP error 32 (No such object) ()
[31/Aug/2016:15:48:36 +0000] slapi_ldap_bind - Error: could not bind id [cn=replication manager,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) errno 0 (Success)
^C
[root@ldap1 ~]#

2016-08-31 18:15 GMT+03:00 Mark Reynolds <[email protected]>:

>
>
> On 08/31/2016 09:50 AM, Andrey Rogovsky wrote:
>
> Hi!
>
> I am trying to configure a manual replica from FreeIPA DS to 389 DS.
> I have two VMs: ldap1.example.com and ldap2.example.com
> I used this manual
> https://www.centos.org/docs/5/html/CDS/ag/8.0/Managing_Replication-Configuring-Replication-cmd.html
> to configure the replica
>
> There was a replica agreement before starting:
>
> # extended LDIF
> #
> # LDAPv3
> # base <cn=config> with scope subtree
> # filter: (objectclass=nsds5ReplicationAgreement)
> # requesting: ALL
> #
>
> # ExampleAgreement, replica, dc\3Dexample\2Cdc\3Dcom, mapping tree, config
> dn: cn=ExampleAgreement,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping
> tree,
> cn=config
> objectClass: top
> objectClass: nsds5replicationagreement
> cn: ExampleAgreement
> nsDS5ReplicaHost: ldap2
> nsDS5ReplicaPort: 389
> nsDS5ReplicaBindDN: cn=replication manager
> nsDS5ReplicaBindMethod: SIMPLE
> nsDS5ReplicaRoot: dc=example,dc=com
> description: agreement between supplier1 and consumer1
> nsDS5ReplicaUpdateSchedule: 0000-0500 1
> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE
> authorityRevocationLis
> t
> nsDS5ReplicaCredentials: {AES-TUhNR0NTcUdTSWIzRFFFRkRUQm1NRV
> VHQ1NxR1NJYjNEUUVG
> RERBNEJDUmxPVFl4TlRsbU5DMWtaV0UyTXpZeA0KTVMxaU1UYzFaREF3Wmkw
> ek5qRmxNalkxWkFBQ
> 0FRSUNBU0F3Q2dZSUtvWklodmNOQWdjd0hRWUpZSVpJQVdVRA0KQkFFcUJCQ
> UVJckpINmE0S3RFYl
> NhLzkxL01qZg==}Wo+c0XfBnaDhg/a36yguXg==
> nsds5replicareapactive: 0
> nsds5replicaLastUpdateStart: 19700101000000Z
> nsds5replicaLastUpdateEnd: 19700101000000Z
> nsds5replicaChangesSentSinceStartup:
> nsds5replicaLastUpdateStatus: 0 No replication sessions started since
> server s
> tartup
> nsds5replicaUpdateInProgress: FALSE
> nsds5replicaLastInitStart: 19700101000000Z
> nsds5replicaLastInitEnd: 19700101000000Z
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries:
>
>
> These are the errors I get when I start the replica:
>
>
> [root@ldap1 ~]# ldapmodify -v -h ldap1.example.com -p 389 -D
> "cn=directory manager" -w ...
> ldap_initialize( ldap://ldap1.example.com:389 )
> dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config
> changetype: modify
> replace: nsds5beginreplicarefresh
> nsds5beginreplicarefresh: start
> replace nsds5beginreplicarefresh:
> start
> modifying entry
> "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config"
> modify complete
>
> [root@ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
> [31/Aug/2016:11:11:09 +0000] schema-compat-plugin - schema-compat-plugin
> tree scan will start in about 5 seconds!
> [31/Aug/2016:11:11:09 +0000] - slapd started. Listening on All Interfaces
> port 389 for LDAP requests
> [31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636 for
> LDAPS requests
> [31/Aug/2016:11:11:09 +0000] - Listening on /var/run/slapd-EXAMPLE-COM.socket
> for LDAPI requests
> [31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no entries
> set up under ou=sudoers,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries
> set up under cn=ng, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries
> set up under cn=computers, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin
> initialization.
> [31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind id
> [cn=replication manager] authentication mechanism [SIMPLE]: error 32 (No
> such object) errno 0 (Success)
> [31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
> agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth
> failed: LDAP error 32 (No such object) ()
> ^C
>
> I'm assuming this is just a standalone 389 Directory Server you are trying
> to replicate to (not a freeIPA installation). If it is a freeipa
> installation, then you should use the freeipa CLI for setting up
> replication.
>
> The error 32 (no such object) you are getting is because the replica does
> not have an entry "cn=replication manager". Looking at the replication
> agreement:
>
> nsDS5ReplicaBindDN: cn=replication manager
>
> This is not a valid DN as there is no base suffix: For example, I would
> expect to see something like "cn=replication manager,cn=config"
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html
>
> Regards,
> Mark
>
>
> Please help me fix this
>
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
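
An added example, not part of the thread: a small Python triage of the `slapi_ldap_bind` failures shown in the errors log above, separating a bind DN that has no suffix from a full DN that still returns error 32. The issue labels and the pairing of a bind failure with the `NSMMReplicationPlugin` line by timestamp are assumptions of this example; the sample lines are copied from the log in the message.

```python
import re

# Constructed sample: the three bind-failure lines from the thread's errors log.
SAMPLE_LOG = """\
[31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind id [cn=replication manager] authentication mechanism [SIMPLE]: error 32 (No such object) errno 0 (Success)
[31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin - agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth failed: LDAP error 32 (No such object) ()
[31/Aug/2016:15:48:36 +0000] slapi_ldap_bind - Error: could not bind id [cn=replication manager,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) errno 0 (Success)
"""

BIND_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] slapi_ldap_bind - Error: could not bind id "
    r"\[(?P<dn>[^\]]*)\] authentication mechanism \[(?P<mech>[^\]]+)\]: "
    r"error (?P<code>\d+) \(")
AGMT_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] NSMMReplicationPlugin - agmt="(?P<agmt>[^"]+)" '
    r"\((?P<host>[^:)]+):(?P<port>\d+)\): Replication bind with")


def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn) if part.strip()]


def triage(log_text):
    """Return one finding per failed replication bind, oldest first."""
    findings, consumers = [], {}
    for line in log_text.splitlines():
        agmt = AGMT_RE.match(line)
        if agmt:  # remember which consumer was contacted at this timestamp
            consumers[agmt["ts"]] = f'{agmt["host"]}:{agmt["port"]}'
            continue
        bind = BIND_RE.match(line)
        if not bind:
            continue
        rdns = split_rdns(bind["dn"])
        if bind["code"] != "32":
            issue = "other"
        elif len(rdns) < 2:
            issue = "no-suffix"      # e.g. "cn=replication manager" alone
        else:
            issue = "entry-missing"  # full DN, yet the server reports no such object
        findings.append({"ts": bind["ts"], "dn": bind["dn"], "mech": bind["mech"],
                         "rdn_count": len(rdns), "issue": issue})
    for f in findings:  # attach the consumer logged with the same timestamp, if any
        f["consumer"] = consumers.get(f["ts"])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["ts"], f["consumer"], f["dn"], "->", f["issue"])
```

For an `entry-missing` result, the next check is whether the bind DN entry exists on the consumer named in the agreement (ldap2 here), because `nsDS5ReplicaBindDN` in the agreement only names the identity the supplier binds as.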
