Re: [389-users] LDAP server is unwilling to perform

Tue, 13 Mar 2012 10:08:49 -0700

I see a white space between MYDOMAIN\2C and dc\3Dcom in the agreement DN. Basically, it should have been automatically removed.
dn: cn=389 to analog,cn=replica,cn=dc\3DMYDOMAIN\2C dc\3Dcom,cn=mapping tree,cn=config 

[13/Mar/2012:11:31:12 -0400] NSMMReplicationPlugin - agmtlist_add_callback: Can't start 
agreement "cn=389-01 to analog-01v,cn=replica,cn=dc\3dMYDOMAIN\2c 
dc\3dcom,cn=mapping tree,cn=config"

Could you try removing the white space (by editing your dse.ldif)?
1. shutdown the server
2. edit /etc/dirsrv/slapd-YOURID/dse.ldif
   dn: cn=389 to analog,cn=replica,cn=dc\3DMYDOMAIN\2C dc\3Dcom,cn=mapping 
tree,cn=config
   ==>
   dn: cn=389 to analog,cn=replica,cn=dc\3DMYDOMAIN\2Cdc\3Dcom,cn=mapping 
tree,cn=config
3. restart the server


mja...@guesswho.com wrote:


Looks like this:


[root@x-web-389-01 ~]# ldapsearch -xLLL -D "cn=directory manager" -W 
-b cn=config "cn=389 to analog"


Enter LDAP Password:


dn: cn=389 to analog,cn=replica,cn=dc\3DMYDOMAIN\2C 
dc\3Dcom,cn=mapping tree,cn=config


objectClass: top

objectClass: nsDS5ReplicationAgreement

description: x-web-389-01 to x-analog-01

cn: 389 to analog

nsDS5ReplicaRoot: dc=MYDOMAIN,dc=com

nsDS5ReplicaHost: x-analog-01.MYDOMAIN.com

nsDS5ReplicaPort: 389

nsDS5ReplicaBindDN: cn=repman,cn=config

nsDS5ReplicaTransportInfo: LDAP

nsDS5ReplicaBindMethod: SIMPLE

nsDS5ReplicaCredentials: {DES}/DnkVyIX/let6epFs+gfjw==

nsds50ruv: {replicageneration} 4eb7e52b000000010000


nsds50ruv: {replica 2 ldap://x-analog-01.MYDOMAIN.com:389} 
4ec1600f000000020000 4ec29e53000000020000



nsds50ruv: {replica 1 ldap://x-web-389-01.MYDOMAIN.com:389} 
4ec116e4000000010000 4f329c1c000100010000



nsruvReplicaLastModified: {replica 2 
ldap://x-analog-01.MYDOMAIN.com:389} 00000000



nsruvReplicaLastModified: {replica 1 
ldap://x-web-389-01.MYDOMAIN.com:389} 00000000


nsds5replicareapactive: 0

nsds5replicaLastUpdateStart: 0

nsds5replicaLastUpdateEnd: 0

nsds5replicaChangesSentSinceStartup:


nsds5replicaLastUpdateStatus: 0 No replication sessions started since 
server startup


nsds5replicaUpdateInProgress: FALSE

nsds5replicaLastInitStart: 0

nsds5replicaLastInitEnd: 0

*From:*Rich Megginson [mailto:rmegg...@redhat.com]
*Sent:* Tuesday, March 13, 2012 12:24 PM
*To:* General discussion list for the 389 Directory server project.
*Cc:* Michael James
*Subject:* Re: [389-users] LDAP server is unwilling to perform


On 03/13/2012 10:23 AM, mja...@guesswho.com 
<mailto:mja...@guesswho.com> wrote:


Sorry, forgot to send this to the list.


There appears to be something wrong with your replication agreement 
entry, but I have no idea what.  That information should be in the 
logs but it is not.  Can you post your replication agreement entry to 
the list?



ldapsearch -xLLL -D "cn=directory manager" -W -b cn=config "cn=389 to 
analog"


*From:*Michael James
*Sent:* Tuesday, March 13, 2012 12:13 PM
*To:* 'Rich Megginson'
*Subject:* RE: [389-users] LDAP server is unwilling to perform


That’s a big **IF** there… I did turn up the logging. Attached is the 
error log, trimmed to around the time that I tried to create the new 
replication agreement. Sorry about that.



*From:*Rich Megginson [mailto:rmegg...@redhat.com] 
<mailto:[mailto:rmegg...@redhat.com]>

*Sent:* Tuesday, March 13, 2012 11:51 AM
*To:* General discussion list for the 389 Directory server project.
*Cc:* Michael James
*Subject:* Re: [389-users] LDAP server is unwilling to perform


On 03/13/2012 09:41 AM, mja...@guesswho.com 
<mailto:mja...@guesswho.com> wrote:


Pls see attached new console.log. Thanks.


If you follow the directions at 
http://port389.org/wiki/FAQ#Troubleshooting to enable the Replication 
log level, the extra information will be in the directory server 
errors log, not the console log - /var/log/dirsrv/slapd-INST/errors


Mike

*From:*Rich Megginson [mailto:rmegg...@redhat.com]
*Sent:* Monday, March 12, 2012 3:14 PM
*To:* General discussion list for the 389 Directory server project.
*Cc:* Michael James
*Subject:* Re: [389-users] LDAP server is unwilling to perform


On 03/12/2012 12:39 PM, mja...@guesswho.com 
<mailto:mja...@guesswho.com> wrote:


Pls. see attached. Thx.


Hmm - nothing to go on there - please turn on the Replication log 
level and reproduce the problem - then the errors log may contain more 
clues

http://port389.org/wiki/FAQ#Troubleshooting


Mike

*From:*Rich Megginson [mailto:rmegg...@redhat.com]
*Sent:* Monday, March 12, 2012 1:30 PM
*To:* General discussion list for the 389 Directory server project.
*Cc:* Michael James
*Subject:* Re: [389-users] LDAP server is unwilling to perform


On 03/12/2012 11:30 AM, mja...@guesswho.com 
<mailto:mja...@guesswho.com> wrote:



Thanks for your previous help. I built a new server, CentOS 6.2, added 
the epel-389-ds-base and epel repos, then installed 389-ds via yum. I 
ran setup-ds-admin.pl with the “Typical” setup option, user nobody, 
and registered with one of our existing configuration servers. I 
created the supplier bind DN on the new server per the installation docs.



At this point, I can’t establish a replication agreement. I open the 
389-console on existing server and use the GUI to create a new 
replication agreement on userRoot. I accepted the defaults, entered 
the correct bind DN and password. At the end of the wizard, it fails 
with “LDAP server is unwilling to perform”. In the error log, I see 
one error. Any help is appreciated. Thanks, Mike



Can you run the console with -D 9 -f console.log, reproduce the 
problem, remove any sensitive information from console.log, and post 
console.log to this list?





[12/Mar/2012:13:26:46 -0400] NSMMReplicationPlugin - 
agmtlist_add_callback: Can't start agreement "cn=389 to 
analog-01v,cn=replica,cn=dc\3d<MY_DOMAIN>\2c dc\3dcom,cn=mapping 
tree,cn=config"






--
389 users mailing list
389-us...@lists.fedoraproject.org  <mailto:389-us...@lists.fedoraproject.org>
https://admin.fedoraproject.org/mailman/listinfo/389-users




--
389 users mailing list
389-us...@lists.fedoraproject.org  <mailto:389-us...@lists.fedoraproject.org>
https://admin.fedoraproject.org/mailman/listinfo/389-users




--
389 users mailing list
389-us...@lists.fedoraproject.org  <mailto:389-us...@lists.fedoraproject.org>
https://admin.fedoraproject.org/mailman/listinfo/389-users



--
389 users mailing list
389-us...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users



--
389 users mailing list
389-us...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users





















					Reply via email to