I used the following docs to setup MMR on my CentOS 6.5 server: http://trialanderrorlinux.wordpress.com/2013/06/22/ldap-directory-server-on-... http://linuxrackers.com/doku.php?id=389_directory_server_setup_using_centos6... http://directory.fedoraproject.org/docs/389ds/howto/howto-walkthroughmultima... http://admintweets.com/389-ds-directory-services-multi-master-replication-se... I am not doing TLS between the master just between the clients and servers. Now i am looking at the error logs and I am seeing an error in the log:
[27/Jan/2015:13:31:25 -0500] NSMMReplicationPlugin - agmt="cn=ldap01.userRoot" (ldap02:389): State: wait_for_changes -> wait_for_changes [27/Jan/2015:13:31:25 -0500] NSMMReplicationPlugin - agmt="cn=ldap01.userRoot" (ldap02:389): State: wait_for_changes -> start [27/Jan/2015:13:31:25 -0500] NSMMReplicationPlugin - agmt="cn=ldap01.userRoot" (ldap02:389): No linger to cancel on the connection [27/Jan/2015:13:31:25 -0500] NSMMReplicationPlugin - agmt="cn=ldap01.userRoot" (ldap02:389): Disconnected from the consumer [27/Jan/2015:13:31:25 -0500] NSMMReplicationPlugin - agmt="cn=ldap01.userRoot" (ldap02:389): State: start -> ready_to_acquire_replica [27/Jan/2015:13:31:25 -0500] NSMMReplicationPlugin - agmt="cn=ldap01.userRoot" (ldap02:389): State: ready_to_acquire_replica -> wait_for_changes [27/Jan/2015:13:32:02 -0500] NSMMReplicationPlugin - conn=2347 op=3 Acquired consumer connection extension [27/Jan/2015:13:32:02 -0500] NSMMReplicationPlugin - conn=2347 op=3 repl="dc=us1,dc=site,dc=com": Begin incremental protocol [27/Jan/2015:13:32:02 -0500] NSMMReplicationPlugin - conn=2347 op=3 replica="dc=us1,dc=site,dc=com": Unable to acquire replica: error: permission denied [27/Jan/2015:13:32:02 -0500] NSMMReplicationPlugin - conn=2347 op=3 repl="dc=us1,dc= site,dc=com": StartNSDS90ReplicationRequest: response=3 rc=0 [27/Jan/2015:13:32:02 -0500] NSMMReplicationPlugin - conn=2347 op=3 Relinquishing consumer connection extension Any idea what it could be? When I first set this up I did remember to init the replica.
Louis
The error message "Unable to acquire replica: error: permission denied" seem to point to a mis-configuration of replication agreement for the DN used to BIND, like a wrong password if basic authentication is used, or a typo in the DN of the attribute nsDS5ReplicaBindDN From http://port389.org/ , the documentation is at http://www.port389.org/docs/389ds/documentation.html https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/h... and more specifically https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/h... Thanks, M.
On 01/27/2015 10:37 AM, Louis Bohm wrote:
I used the following docs to setup MMR on my CentOS 6.5 server:
http://trialanderrorlinux.wordpress.com/2013/06/22/ldap-directory-server-on-centos-6-3-using-tls/ http://linuxrackers.com/doku.php?id=389_directory_server_setup_using_centos6_rhel6 http://directory.fedoraproject.org/docs/389ds/howto/howto-walkthroughmultimasterssl.html http://admintweets.com/389-ds-directory-services-multi-master-replication-setup/
I am not doing TLS between the master just between the clients and servers. Now i am looking at the error logs and I am seeing an error in the log:
[27/Jan/2015:13:31:25 -0500] NSMMReplicationPlugin - agmt="cn=ldap01.userRoot" (ldap02:389): State: wait_for_changes -> wait_for_changes [27/Jan/2015:13:31:25 -0500] NSMMReplicationPlugin - agmt="cn=ldap01.userRoot" (ldap02:389): State: wait_for_changes -> start [27/Jan/2015:13:31:25 -0500] NSMMReplicationPlugin - agmt="cn=ldap01.userRoot" (ldap02:389): No linger to cancel on the connection [27/Jan/2015:13:31:25 -0500] NSMMReplicationPlugin - agmt="cn=ldap01.userRoot" (ldap02:389): Disconnected from the consumer [27/Jan/2015:13:31:25 -0500] NSMMReplicationPlugin - agmt="cn=ldap01.userRoot" (ldap02:389): State: start -> ready_to_acquire_replica [27/Jan/2015:13:31:25 -0500] NSMMReplicationPlugin - agmt="cn=ldap01.userRoot" (ldap02:389): State: ready_to_acquire_replica -> wait_for_changes [27/Jan/2015:13:32:02 -0500] NSMMReplicationPlugin - conn=2347 op=3 Acquired consumer connection extension [27/Jan/2015:13:32:02 -0500] NSMMReplicationPlugin - conn=2347 op=3 repl="dc=us1,dc=site,dc=com": Begin incremental protocol [27/Jan/2015:13:32:02 -0500] NSMMReplicationPlugin - conn=2347 op=3 replica="dc=us1,dc=site,dc=com": Unable to acquire replica: error: permission denied [27/Jan/2015:13:32:02 -0500] NSMMReplicationPlugin - conn=2347 op=3 repl="dc=us1,dc= site,dc=com": StartNSDS90ReplicationRequest: response=3 rc=0 [27/Jan/2015:13:32:02 -0500] NSMMReplicationPlugin - conn=2347 op=3 Relinquishing consumer connection extension
Any idea what it could be? When I first set this up I did remember to init the replica.
Louis
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
I will take a look at the docs you suggest. Having re-built this a few times the last time I made sure to write down my passwords and cut an paste them in so I would not have type-os. But anything is possible.
Louis On Jan 27, 2015, at 3:35 PM, Marc Sauton msauton@redhat.com wrote:
The error message "Unable to acquire replica: error: permission denied" seem to point to a mis-configuration of replication agreement for the DN used to BIND, like a wrong password if basic authentication is used, or a typo in the DN of the attribute nsDS5ReplicaBindDN From http://port389.org/ , the documentation is at http://www.port389.org/docs/389ds/documentation.html https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/h... and more specifically https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/h... Thanks, M.
On 01/27/2015 10:37 AM, Louis Bohm wrote:
I used the following docs to setup MMR on my CentOS 6.5 server: http://trialanderrorlinux.wordpress.com/2013/06/22/ldap-directory-server-on-... http://linuxrackers.com/doku.php?id=389_directory_server_setup_using_centos6... http://directory.fedoraproject.org/docs/389ds/howto/howto-walkthroughmultima... http://admintweets.com/389-ds-directory-services-multi-master-replication-se... I am not doing TLS between the master just between the clients and servers. Now i am looking at the error logs and I am seeing an error in the log:
[27/Jan/2015:13:31:25 -0500] NSMMReplicationPlugin - agmt="cn=ldap01.userRoot" (ldap02:389): State: wait_for_changes -> wait_for_changes [27/Jan/2015:13:31:25 -0500] NSMMReplicationPlugin - agmt="cn=ldap01.userRoot" (ldap02:389): State: wait_for_changes -> start [27/Jan/2015:13:31:25 -0500] NSMMReplicationPlugin - agmt="cn=ldap01.userRoot" (ldap02:389): No linger to cancel on the connection [27/Jan/2015:13:31:25 -0500] NSMMReplicationPlugin - agmt="cn=ldap01.userRoot" (ldap02:389): Disconnected from the consumer [27/Jan/2015:13:31:25 -0500] NSMMReplicationPlugin - agmt="cn=ldap01.userRoot" (ldap02:389): State: start -> ready_to_acquire_replica [27/Jan/2015:13:31:25 -0500] NSMMReplicationPlugin - agmt="cn=ldap01.userRoot" (ldap02:389): State: ready_to_acquire_replica -> wait_for_changes [27/Jan/2015:13:32:02 -0500] NSMMReplicationPlugin - conn=2347 op=3 Acquired consumer connection extension [27/Jan/2015:13:32:02 -0500] NSMMReplicationPlugin - conn=2347 op=3 repl="dc=us1,dc=site,dc=com": Begin incremental protocol [27/Jan/2015:13:32:02 -0500] NSMMReplicationPlugin - conn=2347 op=3 replica="dc=us1,dc=site,dc=com": Unable to acquire replica: error: permission denied [27/Jan/2015:13:32:02 -0500] NSMMReplicationPlugin - conn=2347 op=3 repl="dc=us1,dc= site,dc=com": StartNSDS90ReplicationRequest: response=3 rc=0 [27/Jan/2015:13:32:02 -0500] NSMMReplicationPlugin - conn=2347 op=3 Relinquishing consumer connection extension Any idea what it could be? When I first set this up I did remember to init the replica.
Louis
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
389-users@lists.fedoraproject.org