Automatic master/consumer initialization
by Gerrard Geldenhuis
Hi
Is there any difference between right clicking on a replication agreement just created and selecting the Initialize Consumer or letting "nature" go its course and letting replication happen in the next "cycle".
Up until now I have created replication agreements using the GUI, but I have now started doing it via ldif files. If I don't immediately run:
dn: cn=%repl-agreement-name%,cn=replica,cn=dc\3dCompany,cn=mapping tree,cn=config
changetype: modify
replace: nsds5beginreplicarefresh
nsds5beginreplicarefresh: start
It seems to start on its own anyway. Having checked the data nothing looks wrong so I thought I would just double check.
Regards
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________
13 years, 8 months
AUTO : Serge Sterck est absent(e) (renvoi de Mer 01/09/2010)
by Serge.Sterck@fmsb.be
Je suis absent(e) entre Lun 23/08/2010 et Mer 01/09/2010.
Remarque : ceci est une réponse automatique à votre message "Re:
[389-users] Automatic master/consumer initialization" envoyé le 24.8.10
3:31:17.
C'est la seule notification que vous recevrez pendant l'absence de cette
personne.
13 years, 8 months
Inconsistency between GUI and ldapquery regarding replication agreements
by Gerrard Geldenhuis
Hi
We ran into a very interesting problem...
We can't run 389-console directly from the server on which it is running because it is just to slow to use. It takes almost 5 minutes just to login. We have thus resorted to running the console locally and doing port forwarding with ssh as 389 and 636 is blocked. This worked great until now. We created aliases to localhost for the server names eg:
127.0.0.1 authserver1.example.com authserver1
ssh -f -N -L 9830:authserver1:9830 authserver-ip
ssh -f -N -L 389:authserver1:389 authserver-ip
ssh -f -N -L 636:authserver1:636 authserver-ip
This works for individual servers but we now have a shared netscaperoot. What happens is that when we open up the console and connect to the any directory server we are actually connecting to localhost and thus end up seeing the same information for each server (not completely) it confuses the GUI no end.
This email's purpose is two fold, one is for the record and hopefully someone else will read this and not make the same mistake. Two, realizing that I have asked this before any suggestions for speeding up the console. It just seems odd that there is such a fast difference between running the console locally and running it remotely via ssh.
Regards
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________
13 years, 8 months
Variables in ldif files
by Gerrard Geldenhuis
Hi
Is there any standard script that comes with 389 that can take a set of parameters and replace those parameters in a ldif file? For example the parameters specified in
/usr/share/dirsrv/data/template-suffix-db.ldif
dn: cn=%ds_bename%,cn=ldbm database,cn=plugins,cn=config
I can write my own but if there is something I can just adopt that would be very useful.
Regards
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________
13 years, 8 months
Script to ingest audit file to database
by Juan Asensio Sánchez
Hi
Has anyone developed a script to do that? I need this, but I want to be sure
there is no a script that already exists. If not, I will do it. So, is there
any library for Perl to analyze that file, i.e., give the list of entries,
modifications made to that entries (add, modify, delete, modrdn), etc?
Also, could the Directory Server redirect the output of the audit to the
input of that script instead of the file?
regards.
13 years, 8 months
csngen_adjust_time: adjustment limit exceeded
by Juan Asensio Sánchez
Hi
I am having problems with some replicas. Using 389 DS 1.2.5, CentOS 5.5. A
few days ago, a server crashed, and when restarted, it had the time of the
crash (more than 1 day). Just after the server started up, the time was sync
with the NTP, but when dirsrv started, the time was wrong. Since that, the
replication agreements of the multimaster database it hosts, is giving
problems: "-1 Incremental update has failed and requires administrator
actionSystem error". So, I am trying to initialize the rest of the servers
from the "main" (tha server where the most os the modifications are done, we
have 6 servers in multimaster mode for the database, and other databases in
hub mode). When I try to initialize the server, i get this error on the
supplier: "Replication error acquiring replica: excessive clock skew. Error
Code: 2", although all the servers have the same time. In the consumer log,
I get this:
[16/Aug/2010:10:04:58 +0200] - csngen_adjust_time: adjustment limit
exceeded; value - 1390893, limit - 86400
[16/Aug/2010:10:04:58 +0200] - CSN generator's state:
[16/Aug/2010:10:04:58 +0200] - replica id: 5
[16/Aug/2010:10:04:58 +0200] - sampled time: 1281945898
[16/Aug/2010:10:04:58 +0200] - local offset: 0
[16/Aug/2010:10:04:58 +0200] - remote offset: 0
[16/Aug/2010:10:04:58 +0200] - sequence number: 111
I am stuck now. Tried to export database from supplier, import it in the
consumer, and try to reinitialize without success. Also tried to disable the
replica on both supplier and consumer, reenable it, and recreate the
replication agreements without success. I have seen this bug
https://bugzilla.redhat.com/show_bug.cgi?id=233642, but we have version
1.2.5, so his bug is supposed to be fixed. This is the result of the
readNsState.py on the supplier (only for the database giving problems):
nsState is BAAAADT2aEwAAAAAAQAAAAQAAAA=
Little Endian
For replica cn=replica, cn="dc=XXXXX,dc=XXXX", cn=mapping tree, cn=config
fmtstr=[H2x3IH2x]
size=20
len of nsstate is 20
CSN generator state:
Replica ID : 4
Sampled Time : 1281947188
Gen as csn : 4c68f634000400040000
Time as str : Mon Aug 16 10:26:28 2010
Local Offset : 0
Remote Offset : 1
Seq. num : 4
System time : Mon Aug 16 10:26:42 2010
Diff in sec. : 14
Day:sec diff : 0:14
And this in the consumer:
nsState is BQAAAPv1aEwAAAAAAAAAAAIAAAA=
Little Endian
For replica cn=replica, cn="dc=XXX,dc=XXXXX", cn=mapping tree, cn=config
fmtstr=[H2x3IH2x]
size=20
len of nsstate is 20
CSN generator state:
Replica ID : 5
Sampled Time : 1281947131
Gen as csn : 4c68f5fb000200050000
Time as str : Mon Aug 16 10:25:31 2010
Local Offset : 0
Remote Offset : 0
Seq. num : 2
System time : Mon Aug 16 10:26:24 2010
Diff in sec. : 53
Day:sec diff : 0:53
I think the low remote offset (accoriding to the bug this number should
increase with the changes) is due to the initialization of the database from
the exports. Any help? All replication agreements are a disaster now :S.
Regards and thanks in advance.
13 years, 8 months
Help setting up a subsuffix
by Javier Aravena Claramunt
Hello,
I'm trying to figure out how to create a subsuffix in its own database
so I can syncronize a part of the directory in master-slave fashion,
but I can't figure out how to. I create the subsuffix in the console
by using the context menu in the root suffix in the Data part of the
configuration tab, but I can't see the new ou. I've tried creating the
ou before the subsuffix, but that doesn't seem to work either. I read
something about the new subsuffix not having ACIs, but as I can't see
the ou, I can't seem to configure the ACIs of the subsuffix. Any
pointers on what to do between creating a new subsufix and using it
would be really apreciated :)
Regards,
--
Javier Aravena Claramunt
http://javier.aravenas.com
javier(a)aravenas.com
13 years, 8 months
Clarification on admin server and console
by Jonathan Boulle
I've been trawling through the documentation trying to get a better understanding of "best practices" for use of the console and admin server in an environment with a large number of directory servers. In the perfect scenario, we would like to be able to manage the entire estate (multiple locations) using one instance of the console; or perhaps one console per location. Unfortunately I'm not finding it straightforward.
I understand that on a (physical/virtual) server there can be multiple directory server instances but only one admin server instance. However, what I'm wondering is whether it is possible for an instance of the admin server to manage directory servers on different boxes. For example, could I have one admin server per location - where a location houses X physical servers each running a DS instance (a mix of read-only consumers and read-write suppliers)? This brings obvious benefits as regards easier backup and a single point of administration, but also becomes a bit of a single point of failure.
If not, is it necessary/standard to run an admin server per physical server, and then group them in the console by having them all share a single configuration server (as specified in setup-ds-admin.pl)? Although again this creates a single POF, at least with administration - or have I got the wrong end of the stick entirely?
One more point: the Console and Admin Server documentation has diagrams which reference "external programs"; what kind of things does this refer to? Is there a typical use case?
Thanks
Jonathan
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________
13 years, 8 months
NetscapeRoot longevity
by Gerrard Geldenhuis
Hi
The database name NetscapeRoot I assume is a leftover from when 389 was a netscape product. Is there any plans to eventually change this to 389-root or something similar. It would be a purely cosmetic change though and probably way to much work and introduce many bugs... but I thought I would ask.
Regards
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________
13 years, 8 months
System configuration data
by Natr Brazell
All,
I've been using 389 server for basic authentication only. I here folks use
it for storing system information such as hostnames, IPs, MAC addresses etc
and then generate dns file or DHCP files etc. I'm curious if there are any
resoures that will tell me how to set up such an environment or if this
forum can provide me with some howto's, example ldif files etc and perhaps
some practical applications?
Thanks,
N
13 years, 8 months