Linux Admin
2006-Apr-28 02:35 UTC
[Fedora-directory-users] replicating configuration directory (NetscapeRoot)
Folks,

Is it possible to set up multi-master replication of the NetscapeRoot configuration directory? I have tried, and I can successfully initialize subscribers from the current configuration directory server. However, initialization of replication in the opposite direction fails.

Server 1 current conf dir -> Server 2: replication successful, o=NetscapeRoot is populated
Server 1 current conf dir <- Server 2: replication fails with error: Permission denied. Error code 3

On Server 2 I had to manually create the NetscapeRoot database. What am I missing? Is it an "idiot proof" feature?

Thanks in advance for any help
SysLin
Richard Megginson
2006-Apr-28 14:29 UTC
Re: [Fedora-directory-users] replicating configuration directory (NetscapeRoot)
Linux Admin wrote:
> Folks,
> Is it possible to set up multi-master replication of the NetscapeRoot
> configuration directory?
> I have tried, and I can successfully initialize subscribers from the
> current configuration directory server.
> However, initialization of replication in the opposite direction fails.
>
> Server 1 current conf dir -> Server 2: replication successful,
> o=NetscapeRoot is populated
> Server 1 current conf dir <- Server 2: replication fails with error:
> Permission denied. Error code 3

Part of the problem is that, when you set up a second instance, the installer automatically enables pass through authentication for the console admin user, which allows that user to log in as uid=admin,.....,o=NetscapeRoot on machines which do not have o=NetscapeRoot. So the first thing you need to do is to disable the pass through auth plugin (console -> directory console -> Configuration -> Plug-ins -> Pass Through -> uncheck the Enable box) - then restart the server.

> On Server 2 I had to manually create the NetscapeRoot database.
> What am I missing? Is it an "idiot proof" feature?
>
> Thanks in advance for any help
> SysLin
Linux Admin
2006-Apr-28 15:01 UTC
Re: [Fedora-directory-users] replicating configuration directory (NetscapeRoot)
Richard,

Thanks, this is very good. I do not want to really disable it right now, I just want to have 2 way replication between Server 1 and Server 2, and used authenticate against server1. I would then set up in the plugin authentication against both 1 and 2. Is this the right way?

Thank you very much for your time and advice.
Richard Megginson
2006-Apr-28 15:26 UTC
Re: [Fedora-directory-users] replicating configuration directory (NetscapeRoot)
Linux Admin wrote:
> Richard,
> Thanks, this is very good.
> I do not want to really disable it right now,

I think you may need to disable it on the replica in order to make replication work.

> I just want to have 2 way replication between Server 1 and Server 2,
> and used authenticate against server1. I would then set up in the plugin
> authentication against both 1 and 2. Is this the right way?
> Thank you very much for your time and advice.
Linux Admin
2006-Apr-28 15:33 UTC
Re: [Fedora-directory-users] replicating configuration directory (NetscapeRoot)
Richard,

Thanks, let me try. I am surprised there is no documentation at all on NetscapeRoot replication.

Your help is very much appreciated.
Linux Admin
2006-May-01 21:13 UTC
Re: [Fedora-directory-users] replicating configuration directory (NetscapeRoot)
Richard,

I have tried disabling the pass-through on server 2 and unfortunately I still cannot replicate from 2 to 1. Replication from 1 to 2 works fine. I had to manually create NetscapeRoot on 2 initially; could it be that it is created with a different set of attributes than on 1?

The error is 3. Permission denied. What else could it be?

Thanks for all your help.
Richard Megginson
2006-May-01 21:39 UTC
Re: [Fedora-directory-users] replicating configuration directory (NetscapeRoot)
Linux Admin wrote:
> Richard,
> I have tried disabling the pass-through on server 2 and unfortunately
> I still cannot replicate from 2 to 1.
> Replication from 1 to 2 works fine. I had to manually create
> NetscapeRoot on 2 initially; could it be that it is created with a
> different set of attributes than on 1?
> The error is 3. Permission denied.

Make sure the user you are using as your supplier DN on server 1 exists on server 1 (and likewise for server 2). Try using ldapsearch from the command line - bind with your supplier DN and password - to see if you can use those credentials to search the suffix on both servers.

> What else could it be?
> Thanks for all your help.
Linux Admin
2006-May-01 23:24 UTC
Re: [Fedora-directory-users] replicating configuration directory (NetscapeRoot)
Both servers have this entry in dse.ldif under /opt/fedora-ds/<server-name>/config

dn: cn=replication manager,cn=config
objectClass: inetorgperson
objectClass: person
objectClass: top
objectClass: organizationalPerson
cn: replication manager
sn: RM
userPassword:
passwordExpirationTime: 20380119031407Z

Is this sufficient?
Linux Admin
2006-May-01 23:27 UTC
Re: [Fedora-directory-users] replicating configuration directory (NetscapeRoot)
Richard,

Here is a more detailed error message:

[01/May/2006:18:21:38 -0500] NSMMReplicationPlugin - agmt="cn=F04T02NET" (serve01:1389): Unable to acquire replica: permission denied. The bind dn "cn=replication manager,cn=config" does not have permission to supply replication updates to the replica. Will retry later
Richard Megginson
2006-May-02 01:35 UTC
Re: [Fedora-directory-users] replicating configuration directory (NetscapeRoot)
Linux Admin wrote:
> Both servers have this entry in dse.ldif under
> /opt/fedora-ds/<server-name>/config
>
> dn: cn=replication manager,cn=config
> objectClass: inetorgperson
> objectClass: person
> objectClass: top
> objectClass: organizationalPerson
> cn: replication manager
> sn: RM
> userPassword:
> passwordExpirationTime: 20380119031407Z
>
> Is this sufficient?

That's necessary, but perhaps not sufficient. Now, try ldapsearch to bind and search each directory server using the cn=replication manager,cn=config user. Then, verify that in your Replica configuration you have specified cn=replication manager,cn=config as the supplier DN.
Richard Megginson
2006-May-02 01:36 UTC
Re: [Fedora-directory-users] replicating configuration directotry (NetscapeRoot)
Linux Admin wrote:
> Richard, here is a more detailed error message:
> [01/May/2006:18:21:38 -0500] NSMMReplicationPlugin - agmt="cn=F04T02NET" (serve01:1389): Unable to acquire replica: permission denied. The bind dn "cn=replication manager,cn=config" does not have permission to supply replication updates to the replica. Will retry later

This usually means there is no supplier DN given in the replica config, or there is a spelling error in the supplier DN name.
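Both replies above come down to the same check: the bind DN used by the supplier's replication agreement must match a supplier DN listed on the consumer's replica entry. The Python below is an added example, not part of the original thread; it compares the two offline from dse.ldif text, assuming the standard nsDS5ReplicaBindDN and nsDS5ReplicaRoot attributes. The helper names and the LDIF samples are constructed for illustration.

```python
def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} entries."""
    entries = []
    for block in text.replace("\n ", "").strip().split("\n\n"):  # unfold, split entries
        entry = {}
        for line in block.splitlines():
            attr, sep, val = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.strip().lower(), []).append(val.strip())
        entries.append(entry)
    return entries

def norm_dn(dn):
    """Simplified DN normalisation (no escaped commas): fold case, trim spaces."""
    rdns = (rdn.split("=", 1) for rdn in dn.lower().split(","))
    return ",".join("=".join(part.strip() for part in rdn) for rdn in rdns)

def select(entries, objectclass, suffix):
    """Entries of the given objectClass whose nsDS5ReplicaRoot is the suffix."""
    return [e for e in entries
            if objectclass.lower() in (c.lower() for c in e.get("objectclass", []))
            and norm_dn(e.get("nsds5replicaroot", [""])[0]) == norm_dn(suffix)]

def check_bind_dn(supplier_ldif, consumer_ldif, suffix):
    """Reasons the consumer would refuse the supplier's replication bind DN."""
    replicas = select(parse_ldif(consumer_ldif), "nsDS5Replica", suffix)
    allowed = {norm_dn(d) for r in replicas for d in r.get("nsds5replicabinddn", [])}
    problems = []
    if not replicas:
        problems.append("consumer has no replica entry for " + suffix)
    elif not allowed:
        problems.append("replica entry lists no supplier DN")
    for agmt in select(parse_ldif(supplier_ldif), "nsDS5ReplicationAgreement", suffix):
        bind = norm_dn(agmt.get("nsds5replicabinddn", [""])[0])
        if allowed and bind not in allowed:
            problems.append("bind DN not accepted as supplier DN: " + bind)
    return problems

# Constructed sample data (not the poster's files): server 2's agreement and
# server 1's replica entry, the latter with a misspelled supplier DN.
SERVER2_AGMT = '''dn: cn=F04T02NET,cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaRoot: o=NetscapeRoot
nsDS5ReplicaBindDN: cn=replication manager,cn=config'''
SERVER1_REPLICA = '''dn: cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
objectClass: nsDS5Replica
nsDS5ReplicaRoot: o=NetscapeRoot
nsDS5ReplicaBindDN: cn=replication manger,cn=config'''
```

Calling `check_bind_dn(SERVER2_AGMT, SERVER1_REPLICA, "o=NetscapeRoot")` reports the misspelled supplier DN; an empty list means the agreement's bind DN is accepted by the replica entry.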