Brian Fender
2007-Jun-07 18:35 UTC
[Fedora-directory-users] Replication fails due to lack of permissions
I started with two Redhat EL3U5 servers, setting up the newest available directory server (fedora-ds rpm) on each server with an identical configuration. I set up Single Master replication according to this guide: http://www.redhat.com/docs/manuals/dir-server/ag/7.1/replicat.html#11088 49. That is, I created a ''cn=replication manager,cn=config'' by pasting the example entry from the guide in the config/dse.ldif on the slave (consumer) server. I verified this account works by using LDAP Browser/Editor, I can log in and view my LDAP directory ''dc=foo,dc=net''. I cannot, however, add or delete any foo.net entries when logged in as the replication manager. When I configured a replication agreement on the master/supplier and restarted both servers, it errors out with: NSMMReplicationPlugin - agmt="cn=myagreement" (192:1389): Unable to acquire replica: permission denied. The bind dn "cn=replication manager,cn=config" does not have permission to supply replication updates to the replica. Will retry later. I had specified the ip address of the slave/consumer server when setting up the replication agreement, but because it refers to it as ''192:1389'' in the logs I thought maybe it was looking for a hostname. Getting past the fact that it will not allow underscores in the consumer name (I assume this is a bug), I added an /etc/hosts entry for the consumer on the master and recreated the replication agreement and restarted both servers. I still have the same problem: NSMMReplicationPlugin - agmt="cn=myagreement" (testappserver2:1389): Unable to acquire replica: permission denied. The bind dn "cn=replication manager,cn=config" does not have permission to supply replication updates to the replica. Will retry later. On the slave/consumer, I get: NSMMReplicationPlugin - conn=9 op=3 replica="dc=foo,dc=net": Unable to acquire replica: error: permission denied Any idea why this is happening? Shouldn''t the replication manager have read/write permissions to the userRoot by default since it inherits all the administrator roles?