> Rich Megginson wrote:
>> Mister Anonyme wrote:
>> Hi,
>> I tried to follow the guidelines here:
>> http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication-Replicating-ADS-for-Failover.html
>> And it doesn't work.
>
> Can you be more specific?

There you go...

SERVER1 is first server, SERVER2 is second server (failover)

=======================================
First step (from the doc): Install and configure the first Directory Server instance.
=======================================

******
file.inf
******
FullMachineName = SERVER1
AdminDomain = MY DOMAIN NAME
SuiteSpotUserID = nobody
SuiteSpotGroup = nobody
ConfigDirectoryLdapURL = ldap://SERVER1:389/o=NetscapeRoot
ConfigDirectoryAdminID = admin
ConfigDirectoryAdminPwd = MY PASSWORD

[admin]
ServerAdminID = admin
ServerAdminPwd = MY PASSWORD
SysUser = nobody
ServerIpAddress = MY SERVER IP ADDRESS
Port = 9830

[slapd]
InstallLdifFile = suggest
ServerIdentifier = SERVER1
ServerPort = 389
AddOrgEntries = Yes
RootDN = cn=Directory Manager
RootDNPwd = MY DS PASSWORD
SlapdConfigForMC = yes
Suffix = dc=EXAMPLE, dc=NET
UseExistingMC = 0
AddSampleEntries = Yes
ConfigFile = repluser.ldif
ConfigFile = changelog.ldif
ConfigFile = replica.ldif
ConfigFile = replagreement.ldif

***************
repluser.ldif
***************
dn: cn=replication manager,cn=config
objectClass: inetorgperson
objectClass: person
objectClass: top
cn: replication manager
sn: RM
userPassword: MY ENCRYPTED PASSWORD
passwordExpirationTime: 20380119031407Z

****************
changelog.ldif
****************
dn: cn=changelog5,cn=config
objectclass: top
objectclass: extensibleObject
cn: changelog5
nsslapd-changelogdir: /var/lib/dirsrv/slapd-MYINSTANCE/changelogdb

************
replica.ldif
*************
dn: cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
objectclass: top
objectclass: nsds5replica
objectclass: extensibleObject
cn: replica
nsds5replicaroot: o=NetscapeRoot
nsds5replicaid: 1
nsds5replicatype: 3
nsds5flags: 1
nsds5ReplicaPurgeDelay: 604800
nsds5ReplicaBindDN: cn=replication manager,cn=config

******************
replagreement.ldif
******************
dn: cn=replication_netscaperoot,cn=replica,cn="o=Netscaperoot",cn=mapping tree,cn=config
objectclass: top
objectclass: nsds5replicationagreement
cn: replication_netscaperoot
nsds5replicahost: SECONDARY LDAP SERVER HOSTNAME
nsds5replicaport: 389
nsds5ReplicaBindDN: cn=replication manager
nsds5replicabindmethod: SIMPLE
nsds5replicaroot: o=Netscaperoot
description: replication netscaperoot
nsds5replicacredentials: ENCRYPTEDPASSWORD
nsds5BeginReplicaRefresh: start

I run this command:

# /usr/sbin/setup-ds-admin -s -f file.inf

Here's the log:
[...]
+Processing repluser.ldif ...
+++check_and_add_entry: Entry not found cn=replication manager,cn=config error No such object
+Entry cn=replication manager,cn=config is added

+Processing changelog.ldif ...
+++check_and_add_entry: Entry not found cn=changelog5,cn=config error No such object
+Entry cn=changelog5,cn=config is added

+Processing replica.ldif ...
+++check_and_add_entry: Entry not found cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config error No such object
+ERROR: adding an entry cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config failed, error: No such object
dn: cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
objectclass: top
objectclass: nsds5replica
objectclass: extensibleObject
cn: replica
nsds5replicaroot: o=NetscapeRoot
nsds5replicaid: 1
nsds5replicatype: 3
nsds5flags: 1
nsds5replicapurgedelay: 604800
nsds5replicabinddn: cn=replication manager,cn=config

+ERROR: There was an error processing entry cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
+Cannot continue processing entries.

So, I created another file (the documentation didn't mention this so I don't know if it's the 'good' procedure...):

*************
replica_1.ldif
*************
dn: cn="o=NetscapeRoot",cn=mapping tree,cn=config
objectclass: top
objectclass: nsMappingTree
objectclass: extensibleObject
cn: "o=NetscapeRoot"

I added just before the replica.ldif in the "file.inf", [slapd] section.

Then:

# /usr/sbin/setup-ds-admin -s -f file.inf

It works well until...:
[...]
+[13/Aug/2008:15:07:17 -0400] NSMMReplicationPlugin - _replica_configure_ruv: replication broken for entry (o=NetscapeRoot); LDAP error - 1
+[13/Aug/2008:15:07:17 -0400] NSMMReplicationPlugin - Unable to configure replica o=NetscapeRoot:
+[13/Aug/2008:15:07:17 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
+Your new directory server has been started.
Your new DS instance 'INSTANCENAME' was successfully created.
Creating the configuration directory server . . .
The suffix 'o=NetscapeRoot' already exists. Config entry DN 'cn="o=NetscapeRoot",cn=mapping tree,cn=config'.

Failed to create the configuration directory server
Exiting . . .

So, it won't process LDIF files that I created according to the documentation, but if I force the creation of NetscapeRoot so the replica.ldif can be processed, it won't continue because it already exists...

Great...

I removed replica_1.ldif, replica.ldif, replagreement.ldif from file.inf and ran this again:

# /usr/sbin/setup-ds-admin -s -f file.inf

[...]
The admin server was successfully started.
Admin server was successfully created, configured, and started.

Then, I manually created a replica and a replica agreement:

/usr/lib/mozldap6/ldapmodify -cvD "cn=Directory manager" -w PASSWD < replica.ldif
/usr/lib/mozldap6/ldapmodify -cvD "cn=Directory manager" -w PASSWD < replagreement.ldif

It went with success.

Now, step 2 from the doc...

The inf file of the second server:

******
file.inf
******
[General]
AdminDomain = EXAMPLE.DOMAIN
SuiteSpotGroup = nobody
ConfigDirectoryLdapURL = ldap://SERVER1 (or SERVER2, doesn't matter, it fails).nl.rsft.net:389/o=NetscapeRoot
ConfigDirectoryAdminID = admin
FullMachineName = SERVER2
SuiteSpotUserID = nobody
ConfigDirectoryAdminPwd = PASS

[admin]
ServerAdminID = admin
ServerAdminPwd = PASS
SysUser = nobody
Port = 9830

[slapd]
InstallLdifFile = suggest
ServerIdentifier = SERVER2
ServerPort = 389
AddOrgEntries = Yes
RootDN = cn=Directory Manager
RootDNPwd = SERVER2
Suffix = dc=EXAMPLE,dc=DOMAIN
UseExistingMC = 0
AddSampleEntries = No
ConfigFile = netscaperootdb.ldif
ConfigFile = repluser.ldif
ConfigFile = changelog.ldif
ConfigFile = replica.ldif
ConfigFile = replagreement.ldif

I won't show repluser.ldif, changelog.ldif, replica.ldif and replagreement.ldif, they are the same as above, except for netscaperootdb.ldif:

******************
netscaperootdb.ldif
******************
dn: cn="o=netscaperoot",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
nsslapd-state: backend
nsslapd-backend: NetscapeRoot
cn: o=NetscapeRoot

I ran the script:

# /usr/sbin/setup-ds.pl -s -f file.inf

There's no error until...
[...]
+importing data ...
[13/Aug/2008:15:30:35 -0400] - dblayer_instance_start: pagesize: 4096, pages: 258922, procpages: 6198
[13/Aug/2008:15:30:35 -0400] - cache autosizing: import cache: 204800k
[13/Aug/2008:15:30:35 -0400] - li_import_cache_autosize: 50, import_pages: 51200, pagesize: 4096
[13/Aug/2008:15:30:35 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[13/Aug/2008:15:30:35 -0400] - dblayer_instance_start: pagesize: 4096, pages: 258922, procpages: 6198
[13/Aug/2008:15:30:35 -0400] - cache autosizing: import cache: 204800k
[13/Aug/2008:15:30:35 -0400] - li_import_cache_autosize: 50, import_pages: 51200, pagesize: 4096
[13/Aug/2008:15:30:36 -0400] - import userRoot: Beginning import job...
[13/Aug/2008:15:30:36 -0400] - import userRoot: Index buffering enabled with bucket size 100
[13/Aug/2008:15:30:36 -0400] - import userRoot: Processing file "/tmp/ldifBTMcP9.ldif"
[13/Aug/2008:15:30:36 -0400] - import userRoot: Finished scanning file "/tmp/ldifBTMcP9.ldif" (9 entries)
[13/Aug/2008:15:30:37 -0400] - import userRoot: Workers finished; cleaning up...
[13/Aug/2008:15:30:37 -0400] - import userRoot: Workers cleaned up.
[13/Aug/2008:15:30:37 -0400] - import userRoot: Cleaning up producer thread...
[13/Aug/2008:15:30:37 -0400] - import userRoot: Indexing complete. Post-processing...
[13/Aug/2008:15:30:37 -0400] - import userRoot: Flushing caches...
[13/Aug/2008:15:30:37 -0400] - import userRoot: Closing files...
[13/Aug/2008:15:30:37 -0400] - All database threads now stopped
[13/Aug/2008:15:30:37 -0400] - import userRoot: Import complete. Processed 9 entries in 1 seconds. (9.00 entries/sec)
+Starting the server: /usr/lib/dirsrv/slapd-myinstance/start-slapd
+Started the server: code 256
Server failed to start !!! Please check errors log for problems
+ Red Hat-Directory/8.0.0 B2007.353.1757
+ server2:389 (/etc/dirsrv/slapd-myinstance)
+
+[13/Aug/2008:15:30:35 -0400] - dblayer_instance_start: pagesize: 4096, pages: 258922, procpages: 6198
+[13/Aug/2008:15:30:35 -0400] - cache autosizing: import cache: 204800k
+[13/Aug/2008:15:30:35 -0400] - li_import_cache_autosize: 50, import_pages: 51200, pagesize: 4096
+[13/Aug/2008:15:30:35 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
+[13/Aug/2008:15:30:35 -0400] - dblayer_instance_start: pagesize: 4096, pages: 258922, procpages: 6198
+[13/Aug/2008:15:30:35 -0400] - cache autosizing: import cache: 204800k
+[13/Aug/2008:15:30:35 -0400] - li_import_cache_autosize: 50, import_pages: 51200, pagesize: 4096
+[13/Aug/2008:15:30:36 -0400] - import userRoot: Beginning import job...
+[13/Aug/2008:15:30:36 -0400] - import userRoot: Index buffering enabled with bucket size 100
+[13/Aug/2008:15:30:36 -0400] - import userRoot: Processing file "/tmp/ldifBTMcP9.ldif"
+[13/Aug/2008:15:30:36 -0400] - import userRoot: Finished scanning file "/tmp/ldifBTMcP9.ldif" (9 entries)
+[13/Aug/2008:15:30:37 -0400] - import userRoot: Workers finished; cleaning up...
+[13/Aug/2008:15:30:37 -0400] - import userRoot: Workers cleaned up.
+[13/Aug/2008:15:30:37 -0400] - import userRoot: Cleaning up producer thread...
+[13/Aug/2008:15:30:37 -0400] - import userRoot: Indexing complete. Post-processing...
+[13/Aug/2008:15:30:37 -0400] - import userRoot: Flushing caches...
+[13/Aug/2008:15:30:37 -0400] - import userRoot: Closing files...
+[13/Aug/2008:15:30:37 -0400] - All database threads now stopped
+[13/Aug/2008:15:30:37 -0400] - import userRoot: Import complete. Processed 9 entries in 1 seconds. (9.00 entries/sec)
+[13/Aug/2008:15starting up
+[13/Aug/2008:15:30:39 -0400] - I'm resizing my cache now...cache was 209715200 and is now 8000000
+[13/Aug/2008:15:30:39 -0400] - Warning: Mapping tree node entry for o=NetscapeRoot point to an unknown backend : NetscapeRoot
+[13/Aug/2008:15:30:40 -0400] - Warning: Mapping tree node entry for o=NetscapeRoot point to an unknown backend : NetscapeRoot
+[13/Aug/2008:15:30:40 -0400] - Warning: Mapping tree node entry for o=NetscapeRoot point to an unknown backend : NetscapeRoot
+[13/Aug/2008:15:30:40 -0400] - Warning: Mapping tree node entry for o=NetscapeRoot point to an unknown backend : NetscapeRoot
+[13/Aug/2008:15:30:40 -0400] - Warning: Mapping tree node entry for o=NetscapeRoot point to an unknown backend : NetscapeRoot
+[13/Aug/2008:15:30:40 -0400] - Warning: Mapping tree node entry for o=NetscapeRoot point to an unknown backend : NetscapeRoot

And it hung up. I had to do CTRL-C to have prompt.

Well, maybe it's normal.. This server isn't completely installed.

So, step 3 from the doc, I ran it on the SERVER1:

# /usr/lib/mozldap6/ldapmodify -cvD "cn=Directory manager" -w PASSWD
ldapmodify-bin: started Wed Aug 13 15:37:03 2008

ldap_init( localhost, 389 )
dn: cn=ExampleAgreement1,cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
changetype: modify
replace: nsds5beginreplicarefresh
nsds5beginreplicarefresh: start

replace nsds5beginreplicarefresh: start
modifying entry cn=ExampleAgreement1,cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
ldap_modify: No such object

This is when I gave up and decided to create a NetscapeRoot's replication directly from the Java console. I mean, I installed two LDAP servers with the second server that it uses the Configuration Server from the first server. The replication works very well between two servers (only if I setup from the Java console) but when I want to do the step 4 from the doc (create local Administration Server), it doesn't work, the script 'register-ds-admin.pl' always fails.

Thank you very much for your help!

Mister Anonyme
2008-Aug-13 19:59 UTC
RE: [Fedora-directory-users] Failover issues (PLEASE READ THIS BEFORE REPLYING)
I made a small mistake. I tried to re-create a scenario of when I tried to create a failover system.

About step 3, the synchronization, instead of sending this command:

dn: cn=ExampleAgreement1,cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
changetype: modify
replace: nsds5beginreplicarefresh
nsds5beginreplicarefresh: start

I sent this:

***************************************
dn: cn=replication_netscaperoot,cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
changetype: modify
replace: nsds5beginreplicarefresh
nsds5beginreplicarefresh: start
***************************************

The result is:

modifying entry cn=replication_netscaperoot,cn=replica,cn="o=Netscaperoot",cn=mapping tree,cn=config
modify complete

Then, the error in the console is: invalid credentials in 'status' tab, 'replication status'.

I can confirm that the credentials are OK because I used the same file repluser.ldif in both servers.

Also, when I try to open the console in SERVER2, I got this error:

Cannot connect to the Admin Server "http://SERVER2:9830/"
The URL is not correct or the server is not running.

I restarted the SERVER2 without success.

Thanks

From: benetage@hotmail.com
To: fedora-directory-users@redhat.com
Date: Wed, 13 Aug 2008 15:47:33 -0400
Subject: [Fedora-directory-users] (no subject)

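An added example, not part of the thread or of the Directory Server project: a preflight check over the ConfigFile LDIFs that reproduces the two failures in the logs above, "No such object" when an entry's parent does not exist yet and "unknown backend" when a mapping tree entry names a backend that no nsBackendInstance entry defines. The BASELINE set of pre-existing containers and all function names are assumptions; the sample LDIF is constructed from the files quoted in the thread.

```python
import re

# Assumption: containers that already exist on a freshly created instance.
BASELINE = {
    "cn=config",
    "cn=mapping tree,cn=config",
    "cn=plugins,cn=config",
    "cn=ldbm database,cn=plugins,cn=config",
}

def split_rdns(dn):
    """Split a DN on commas that are not inside double quotes."""
    parts, buf, quoted = [], [], False
    for ch in dn:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return parts

def norm_dn(dn):
    """Lower-case a DN and drop spaces around its RDN separators."""
    return ",".join(p.strip().lower() for p in split_rdns(dn))

def parent_dn(dn):
    return ",".join(split_rdns(dn)[1:])

def parse_ldif(text):
    """Return [(dn, {attr: [values]})] in file order (no base64 values)."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if name.strip().lower() == "dn":
                dn = norm_dn(value)
            else:
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if dn:
            entries.append((dn, attrs))
    return entries

def preflight(ldif_texts, existing=BASELINE):
    """Walk the files in ConfigFile order and list (dn, problem) pairs."""
    known = set(existing)
    entries = [e for text in ldif_texts for e in parse_ldif(text)]
    # Backends defined anywhere in the set of files count as present.
    backends = {
        attrs["cn"][0].lower() for _, attrs in entries
        if "nsbackendinstance" in [v.lower() for v in attrs.get("objectclass", [])]
    }
    problems = []
    for dn, attrs in entries:
        if parent_dn(dn) not in known:
            problems.append((dn, "parent entry missing (No such object)"))
            continue  # the add fails, so the entry never becomes a parent
        known.add(dn)
        for backend in attrs.get("nsslapd-backend", []):
            if backend.lower() not in backends:
                problems.append((dn, "unknown backend " + backend))
    return problems

# Constructed samples, shortened from the LDIF quoted in the thread.
REPLUSER = """dn: cn=replication manager,cn=config
objectClass: inetorgperson
cn: replication manager
sn: RM
"""
REPLICA = """dn: cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
objectclass: nsds5replica
cn: replica
nsds5replicaroot: o=NetscapeRoot
"""
SUFFIX_ONLY = """dn: cn="o=netscaperoot",cn=mapping tree,cn=config
objectclass: nsMappingTree
nsslapd-state: backend
nsslapd-backend: NetscapeRoot
cn: o=NetscapeRoot
"""
WITH_BACKEND = """dn: cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config
objectclass: nsBackendInstance
nsslapd-suffix: o=NetscapeRoot
cn: NetscapeRoot

""" + SUFFIX_ONLY

if __name__ == "__main__":
    for label, files in [("step 1 as posted", [REPLUSER, REPLICA]),
                         ("suffix only", [SUFFIX_ONLY, REPLICA]),
                         ("suffix plus backend", [WITH_BACKEND, REPLICA])]:
        print(label, preflight(files))
```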
Mister Anonyme wrote:
> > Rich Megginson wrote:
> >> Mister Anonyme wrote:
> >> Hi,
> >> I tried to follow the guidelines here:
> >> http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication-Replicating-ADS-for-Failover.html
> >> And it doesn't work.
> >
> > Can you be more specific?
>
> There you go...
>
> SERVER1 is first server, SERVER2 is second server (failover)
>
> =======================================
> First step (from the doc): Install and configure the first Directory Server instance.
> =======================================
>
> ******
> file.inf
> ******
> FullMachineName = SERVER1
> AdminDomain = MY DOMAIN NAME
> SuiteSpotUserID = nobody
> SuiteSpotGroup = nobody
> ConfigDirectoryLdapURL = ldap://SERVER1:389/o=NetscapeRoot
> ConfigDirectoryAdminID = admin
> ConfigDirectoryAdminPwd = MY PASSWORD
>
> [admin]
> ServerAdminID = admin
> ServerAdminPwd = MY PASSWORD
> SysUser = nobody
> ServerIpAddress = MY SERVER IP ADDRESS
> Port = 9830
>
> [slapd]
> InstallLdifFile = suggest
> ServerIdentifier = SERVER1
> ServerPort = 389
> AddOrgEntries = Yes
> RootDN = cn=Directory Manager
> RootDNPwd = MY DS PASSWORD
> SlapdConfigForMC = yes
> Suffix = dc=EXAMPLE, dc=NET
> UseExistingMC = 0
> AddSampleEntries = Yes
> ConfigFile = repluser.ldif
> ConfigFile = changelog.ldif
> ConfigFile = replica.ldif
> ConfigFile = replagreement.ldif
>
> ***************
> repluser.ldif
> ***************
> dn: cn=replication manager,cn=config
> objectClass: inetorgperson
> objectClass: person
> objectClass: top
> cn: replication manager
> sn: RM
> userPassword: MY ENCRYPTED PASSWORD
> passwordExpirationTime: 20380119031407Z
>
> ****************
> changelog.ldif
> ****************
> dn: cn=changelog5,cn=config
> objectclass: top
> objectclass: extensibleObject
> cn: changelog5
> nsslapd-changelogdir: /var/lib/dirsrv/slapd-MYINSTANCE/changelogdb
>
> ************
> replica.ldif
> *************
> dn: cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
> objectclass: top
> objectclass: nsds5replica
> objectclass: extensibleObject
> cn: replica
> nsds5replicaroot: o=NetscapeRoot
> nsds5replicaid: 1
> nsds5replicatype: 3
> nsds5flags: 1
> nsds5ReplicaPurgeDelay: 604800
> nsds5ReplicaBindDN: cn=replication manager,cn=config
>
> ******************
> replagreement.ldif
> ******************
> dn: cn=replication_netscaperoot,cn=replica,cn="o=Netscaperoot",cn=mapping tree,cn=config
> objectclass: top
> objectclass: nsds5replicationagreement
> cn: replication_netscaperoot
> nsds5replicahost: SECONDARY LDAP SERVER HOSTNAME
> nsds5replicaport: 389
> nsds5ReplicaBindDN: cn=replication manager
> nsds5replicabindmethod: SIMPLE
> nsds5replicaroot: o=Netscaperoot
> description: replication netscaperoot
> nsds5replicacredentials: ENCRYPTEDPASSWORD
> nsds5BeginReplicaRefresh: start
>
> I run this command:
>
> # /usr/sbin/setup-ds-admin -s -f file.inf
>
> Here's the log:
> [...]
> +Processing repluser.ldif ...
> +++check_and_add_entry: Entry not found cn=replication manager,cn=config error No such object
> +Entry cn=replication manager,cn=config is added
>
> +Processing changelog.ldif ...
> +++check_and_add_entry: Entry not found cn=changelog5,cn=config error No such object
> +Entry cn=changelog5,cn=config is added
>
> +Processing replica.ldif ...
> +++check_and_add_entry: Entry not found cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config error No such object
> +ERROR: adding an entry cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config failed, error: No such object
> dn: cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
> objectclass: top
> objectclass: nsds5replica
> objectclass: extensibleObject
> cn: replica
> nsds5replicaroot: o=NetscapeRoot
> nsds5replicaid: 1
> nsds5replicatype: 3
> nsds5flags: 1
> nsds5replicapurgedelay: 604800
> nsds5replicabinddn: cn=replication manager,cn=config
>
> +ERROR: There was an error processing entry cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
> +Cannot continue processing entries.
>
> So, I created another file (the documentation didn't mention this so I
> don't know if it's the 'good' procedure...):

I think it is mentioned in the documentation.
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication-Replicating-ADS-for-Failover.html

"2. Install and configure the second Directory Server instance. For the second server, |server2.example.com|, use the |setup-ds.pl| command, which installs a Directory Server instance without installing a local Administration Server."

Which is what you did below anyway. However, there is a doc bug:

"ConfigFile = netscaperootdb.ldif example suffix entry"

This links to an example of the suffix only, which is what you did below - the ldif only creates the suffix, not the associated database.
The LDIF file should contain this:

dn: cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: o=NetscapeRoot
cn: NetscapeRoot

dn: cn=encrypted attribute keys,cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: encrypted attributes keys

dn: cn=encrypted attributes,cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: encrypted attributes

dn: cn="o=NetscapeRoot",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
cn: "o=NetscapeRoot"
nsslapd-state: backend
nsslapd-backend: NetscapeRoot

>
> *************
> replica_1.ldif
> *************
> dn: cn="o=NetscapeRoot",cn=mapping tree,cn=config
> objectclass: top
> objectclass: nsMappingTree
> objectclass: extensibleObject
> cn: "o=NetscapeRoot"
>
> I added just before the replica.ldif in the "file.inf", [slapd] section.
>
> Then:
>
> # /usr/sbin/setup-ds-admin -s -f file.inf
>
> It works well until...:
> [...]
> +[13/Aug/2008:15:07:17 -0400] NSMMReplicationPlugin - _replica_configure_ruv: replication broken for entry (o=NetscapeRoot); LDAP error - 1
> +[13/Aug/2008:15:07:17 -0400] NSMMReplicationPlugin - Unable to configure replica o=NetscapeRoot:
> +[13/Aug/2008:15:07:17 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
> +Your new directory server has been started.
> Your new DS instance 'INSTANCENAME' was successfully created.
> Creating the configuration directory server . . .
> The suffix 'o=NetscapeRoot' already exists. Config entry DN 'cn="o=NetscapeRoot",cn=mapping tree,cn=config'.
>
> Failed to create the configuration directory server
> Exiting . . .
>
> So, it won't process LDIF files that I created according to the
> documentation, but if I force the creation of NetscapeRoot so the
> replica.ldif can be processed, it won't continue because it already
> exists...
>
> Great...
>
> I removed replica_1.ldif, replica.ldif, replagreement.ldif from
> file.inf and ran this again:
>
> # /usr/sbin/setup-ds-admin -s -f file.inf
>
> [...]
> The admin server was successfully started.
> Admin server was successfully created, configured, and started.
>
> Then, I manually created a replica and a replica agreement:
>
> /usr/lib/mozldap6/ldapmodify -cvD "cn=Directory manager" -w PASSWD < replica.ldif
> /usr/lib/mozldap6/ldapmodify -cvD "cn=Directory manager" -w PASSWD < replagreement.ldif
>
> It went with success.
>
> Now, step 2 from the doc...
>
> The inf file of the second server:
>
> ******
> file.inf
> ******
> [General]
> AdminDomain = EXAMPLE.DOMAIN
> SuiteSpotGroup = nobody
> ConfigDirectoryLdapURL = ldap://SERVER1 (or SERVER2, doesn't matter, it fails).nl.rsft.net:389/o=NetscapeRoot
> ConfigDirectoryAdminID = admin
> FullMachineName = SERVER2
> SuiteSpotUserID = nobody
> ConfigDirectoryAdminPwd = PASS
>
> [admin]
> ServerAdminID = admin
> ServerAdminPwd = PASS
> SysUser = nobody
> Port = 9830
>
> [slapd]
> InstallLdifFile = suggest
> ServerIdentifier = SERVER2
> ServerPort = 389
> AddOrgEntries = Yes
> RootDN = cn=Directory Manager
> RootDNPwd = SERVER2
> Suffix = dc=EXAMPLE,dc=DOMAIN
> UseExistingMC = 0
> AddSampleEntries = No
> ConfigFile = netscaperootdb.ldif
> ConfigFile = repluser.ldif
> ConfigFile = changelog.ldif
> ConfigFile = replica.ldif
> ConfigFile = replagreement.ldif
>
> I won't show repluser.ldif, changelog.ldif, replica.ldif and
> replagreement.ldif, they are the same as above, except for netscaperootdb.ldif:
>
> ******************
> netscaperootdb.ldif
> ******************
> dn: cn="o=netscaperoot",cn=mapping tree,cn=config
> objectclass: top
> objectclass: extensibleObject
> objectclass: nsMappingTree
> nsslapd-state: backend
> nsslapd-backend: NetscapeRoot
> cn: o=NetscapeRoot
>
> I ran the script:
>
> # /usr/sbin/setup-ds.pl -s -f file.inf
>
> There's no error until...
> [...]
> +importing data ...
> [13/Aug/2008:15:30:35 -0400] - dblayer_instance_start: pagesize: 4096, pages: 258922, procpages: 6198
> [13/Aug/2008:15:30:35 -0400] - cache autosizing: import cache: 204800k
> [13/Aug/2008:15:30:35 -0400] - li_import_cache_autosize: 50, import_pages: 51200, pagesize: 4096
> [13/Aug/2008:15:30:35 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
> [13/Aug/2008:15:30:35 -0400] - dblayer_instance_start: pagesize: 4096, pages: 258922, procpages: 6198
> [13/Aug/2008:15:30:35 -0400] - cache autosizing: import cache: 204800k
> [13/Aug/2008:15:30:35 -0400] - li_import_cache_autosize: 50, import_pages: 51200, pagesize: 4096
> [13/Aug/2008:15:30:36 -0400] - import userRoot: Beginning import job...
> [13/Aug/2008:15:30:36 -0400] - import userRoot: Index buffering enabled with bucket size 100
> [13/Aug/2008:15:30:36 -0400] - import userRoot: Processing file "/tmp/ldifBTMcP9.ldif"
> [13/Aug/2008:15:30:36 -0400] - import userRoot: Finished scanning file "/tmp/ldifBTMcP9.ldif" (9 entries)
> [13/Aug/2008:15:30:37 -0400] - import userRoot: Workers finished; cleaning up...
> [13/Aug/2008:15:30:37 -0400] - import userRoot: Workers cleaned up.
> [13/Aug/2008:15:30:37 -0400] - import userRoot: Cleaning up producer thread...
> [13/Aug/2008:15:30:37 -0400] - import userRoot: Indexing complete. Post-processing...
> [13/Aug/2008:15:30:37 -0400] - import userRoot: Flushing caches...
> [13/Aug/2008:15:30:37 -0400] - import userRoot: Closing files...
> [13/Aug/2008:15:30:37 -0400] - All database threads now stopped
> [13/Aug/2008:15:30:37 -0400] - import userRoot: Import complete. Processed 9 entries in 1 seconds.
(9.00 entries/sec) > +Starting the server: /usr/lib/dirsrv/slapd-myinstance/start-slapd > +Started the server: code 256 > Server failed to start !!! Please check errors log for problems > + Red Hat-Directory/8.0.0 B2007.353.1757 > + server2:389 (/etc/dirsrv/slapd-myinstance) > + > +[13/Aug/2008:15:30:35 -0400] - dblayer_instance_start: pagesize: > 4096, pages: 258922, procpages: 6198 > +[13/Aug/2008:15:30:35 -0400] - cache autosizing: import cache: 204800k > +[13/Aug/2008:15:30:35 -0400] - li_import_cache_autosize: 50, > import_pages: 51200, pagesize: 4096 > +[13/Aug/2008:15:30:35 -0400] - WARNING: Import is running with > nsslapd-db-private-import-mem on; No other process is allowed to > access the database > +[13/Aug/2008:15:30:35 -0400] - dblayer_instance_start: pagesize: > 4096, pages: 258922, procpages: 6198 > +[13/Aug/2008:15:30:35 -0400] - cache autosizing: import cache: 204800k > +[13/Aug/2008:15:30:35 -0400] - li_import_cache_autosize: 50, > import_pages: 51200, pagesize: 4096 > +[13/Aug/2008:15:30:36 -0400] - import userRoot: Beginning import job... > +[13/Aug/2008:15:30:36 -0400] - import userRoot: Index buffering > enabled with bucket size 100 > +[13/Aug/2008:15:30:36 -0400] - import userRoot: Processing file > "/tmp/ldifBTMcP9.ldif" > +[13/Aug/2008:15:30:36 -0400] - import userRoot: Finished scanning > file "/tmp/ldifBTMcP9.ldif" (9 entries) > +[13/Aug/2008:15:30:37 -0400] - import userRoot: Workers finished; > cleaning up... > +[13/Aug/2008:15:30:37 -0400] - import userRoot: Workers cleaned up. > +[13/Aug/2008:15:30:37 -0400] - import userRoot: Cleaning up producer > thread... > +[13/Aug/2008:15:30:37 -0400] - import userRoot: Indexing complete. > Post-processing... > +[13/Aug/2008:15:30:37 -0400] - import userRoot: Flushing caches... > +[13/Aug/2008:15:30:37 -0400] - import userRoot: Closing files... > +[13/Aug/2008:15:30:37 -0400] - All database threads now stopped > +[13/Aug/2008:15:30:37 -0400] - import userRoot: Import complete. 
> Processed 9 entries in 1 seconds. (9.00 entries/sec) > +[13/Aug/2008:15starting up > +[13/Aug/2008:15:30:39 -0400] - I''m resizing my cache now...cache was > 209715200 and is now 8000000 > +[13/Aug/2008:15:30:39 -0400] - Warning: Mapping tree node entry for > o=NetscapeRoot point to an unknown backend : NetscapeRoot > +[13/Aug/2008:15:30:40 -0400] - Warning: Mapping tree node entry for > o=NetscapeRoot point to an unknown backend : NetscapeRoot > +[13/Aug/2008:15:30:40 -0400] - Warning: Mapping tree node entry for > o=NetscapeRoot point to an unknown backend : NetscapeRoot > +[13/Aug/2008:15:30:40 -0400] - Warning: Mapping tree node entry for > o=NetscapeRoot point to an unknown backend : NetscapeRoot > +[13/Aug/2008:15:30:40 -0400] - Warning: Mapping tree node entry for > o=NetscapeRoot point to an unknown backend : NetscapeRoot > +[13/Aug/2008:15:30:40 -0400] - Warning: Mapping tree node entry for > o=NetscapeRoot point to an unknown backend : NetscapeRoot > > > And it hung up. I had to do CTRL-C to have prompt. Well, maybe it''s > normal.. This server isn''t completely installed. > > So, step 3 from the doc, I ran it on the SERVER1: > > # /usr/lib/mozldap6/ldapmodify -cvD "cn=Directory manager" -w PASSWD > ldapmodify-bin: started Wed Aug 13 15:37:03 2008 > > ldap_init( localhost, 389 ) > dn: cn=ExampleAgreement1,cn=replica,cn="o=NetscapeRoot",cn=mapping > tree,cn=config > changetype: modify > replace: nsds5beginreplicarefresh > nsds5beginreplicarefresh: start > replace nsds5beginreplicarefresh: > start > modifying entry > cn=ExampleAgreement1,cn=replica,cn="o=NetscapeRoot",cn=mapping > tree,cn=config > ldap_modify: No such object > > This is when I gave up and decided to create a NetscapeRoot''s > replication directly from the Java console. I mean, I installed two > LDAP servers with the second server that it uses the Configuration > Server from the first server. 
> > The replication works very well between two servers (only if I setup > from the Java console) but when I want to do the the step 4 from the > doc (create local Administration Server), it doesn''t work, the script > ''register-ds-admin.pl'' always fails. > > Thank you very much for your help! > > ------------------------------------------------------------------------ > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
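The two setup failures in the message above (an add under a mapping tree node that does not exist yet, and a suffix whose nsslapd-backend names no database) can be caught before running setup-ds.pl. The following is an added example, not code from the thread or from the Directory Server project; the function names are illustrative, and it assumes the two container entries and a userRoot backend already exist in a fresh cn=config.

```python
# Added example; function names are illustrative, not Directory Server APIs.
MAPPING_TREE = "cn=mapping tree,cn=config"
LDBM = "cn=ldbm database,cn=plugins,cn=config"

def parse_ldif(text):
    """Parse LDIF into [(dn, {lowercased attribute: [values]})]; no base64 decoding."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # folded continuation line
        else:
            lines.append(raw)
    entries, cur = [], None
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if cur is not None:
                entries.append(cur)
            cur = None
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            attr, value = attr.strip().lower(), value.strip()
            if attr == "dn":
                cur = (value, {})
            elif cur is not None:
                cur[1].setdefault(attr, []).append(value)
    return entries

def split_dn(dn):
    """Split a DN on commas that are not inside double quotes or escaped."""
    parts, buf, quoted, escaped = [], "", False, False
    for ch in dn:
        if ch == "," and not quoted and not escaped:
            parts.append(buf)
            buf = ""
            continue
        quoted ^= (ch == '"' and not escaped)
        escaped = (ch == "\\" and not escaped)
        buf += ch
    return parts + [buf]

def norm_dn(dn):
    """Lowercase a DN and drop whitespace around each RDN's type and value."""
    pairs = (rdn.partition("=") for rdn in split_dn(dn))
    return ",".join(a.strip().lower() + "=" + v.strip().lower() for a, _, v in pairs)

def check_config_files(files, existing_backends=("userRoot",)):
    """files: [(name, ldif_text)] in ConfigFile order -> [(kind, file, dn)]."""
    problems, nodes = [], []
    known = {MAPPING_TREE, LDBM}          # containers assumed present in cn=config
    backends = {b.lower() for b in existing_backends}
    for name, text in files:
        for dn, attrs in parse_ldif(text):
            ndn = norm_dn(dn)
            rdns = split_dn(ndn)
            parent = ",".join(rdns[1:])
            classes = {v.lower() for v in attrs.get("objectclass", [])}
            # An add under a missing parent is rejected with "No such object".
            if ndn.endswith(("," + MAPPING_TREE, "," + LDBM)) and parent not in known:
                problems.append(("missing-parent", name, dn))
            if "nsbackendinstance" in classes and parent == LDBM:
                backends.add(rdns[0].partition("=")[2])
            if "nsmappingtree" in classes:
                nodes.append((name, dn, attrs))
            known.add(ndn)
    # A suffix whose nsslapd-backend names no database logs "unknown backend".
    for name, dn, attrs in nodes:
        state = attrs.get("nsslapd-state", [""])[0].lower()
        backend = attrs.get("nsslapd-backend", [""])[0].lower()
        if state == "backend" and backend not in backends:
            problems.append(("unknown-backend", name, dn))
    return problems

# Entries below are copied from the thread, with attributes abridged.
SUFFIX_ONLY = """\
dn: cn="o=netscaperoot",cn=mapping tree,cn=config
objectclass: nsMappingTree
nsslapd-state: backend
nsslapd-backend: NetscapeRoot
cn: o=NetscapeRoot
"""
BACKEND = """\
dn: cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config
objectclass: nsBackendInstance
nsslapd-suffix: o=NetscapeRoot
cn: NetscapeRoot
"""
REPLICA = """\
dn: cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
objectclass: nsds5replica
cn: replica
nsds5replicaroot: o=NetscapeRoot
"""
FIXED = BACKEND + "\n" + SUFFIX_ONLY      # backend instance first, then the suffix

if __name__ == "__main__":
    print(check_config_files([("netscaperootdb.ldif", SUFFIX_ONLY), ("replica.ldif", REPLICA)]))
    print(check_config_files([("netscaperootdb.ldif", FIXED), ("replica.ldif", REPLICA)]))
```

Pass the files in the same order as the ConfigFile lines of the .inf file, since a parent entry counts as present only if an earlier file created it.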
> Date: Wed, 13 Aug 2008 14:03:31 -0600
> From: rmeggins@redhat.com
> To: fedora-directory-users@redhat.com
> Subject: Re: [Fedora-directory-users] (no subject)

> I think it is mentioned in the documentation.
> http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication-Replicating-ADS-for-Failover.html
> "2. Install and configure the second Directory Server instance. For the
> second server, |server2.example.com|, use the |setup-ds.pl| command,
> which installs a Directory Server instance without installing a local
> Administration Server. "
>
> Which is what you did below anyway. However, there is a doc bug:
> "ConfigFile = netscaperootdb.ldif example suffix entry"
> This links to an example of the suffix only, which is what you did below
> - the ldif only creates the suffix, not the associated database.
>
> The LDIF file should contain this:
>
> dn: cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config
> objectclass: top
> objectclass: extensibleObject
> objectclass: nsBackendInstance
> nsslapd-suffix: o=NetscapeRoot
> cn: NetscapeRoot
>
> dn: cn=encrypted attribute keys,cn=NetscapeRoot,cn=ldbm
> database,cn=plugins,cn=config
> objectClass: top
> objectClass: extensibleObject
> cn: encrypted attributes keys
>
> dn: cn=encrypted attributes,cn=NetscapeRoot,cn=ldbm
> database,cn=plugins,cn=config
> objectClass: top
> objectClass: extensibleObject
> cn: encrypted attributes
>
> dn: cn="o=NetscapeRoot",cn=mapping tree,cn=config
> objectclass: top
> objectclass: extensibleObject
> objectclass: nsMappingTree
> cn: "o=NetscapeRoot"
> nsslapd-state: backend
> nsslapd-backend: NetscapeRoot

Great! It fixed the issue.

I was also able to synchronize between two servers.

But, when I execute the register-ds-admin.pl (step 4), I have this:

# /usr/sbin/register-ds-admin.pl
Beginning registration of the Directory Server
=============================================================================
The Directory Server locates its configuration file (dse.ldif) at
/etc/dirsrv/slapd-ID, by default. If you have Directory Server(s)
which configuration file is put at the other location, you need to
input it to register the server.

If you have such Directory Server, type the full path that stores the
configuration file.

If you don't, type return.
[configuration directory path or return]:


=============================================================================
Candidate servers to register:
/etc/dirsrv/slapd-myinstance

=============================================================================
Do you want to use this server as Configuration Directory Server?

Directory server identifier [myinstance]:

=============================================================================
The server must run as a specific user in a specific group.
It is strongly recommended that this user should have no privileges
on the computer (i.e. a non-root user). The setup procedure
will give this user/group some permissions in specific paths/files
to perform server-specific operations.

If you have not yet created a user and group for the server,
create this user and group using your native operating
system utilities.

System User [nobody]:
System Group [nobody]:

=============================================================================
Please specify the information about your configuration directory
server. The following information is required:
- host (fully qualified), port (non-secure or secure), suffix,
protocol (ldap or ldaps) - this information should be provided in the
form of an LDAP url e.g. for non-secure
ldap://host.example.com:389/o=NetscapeRoot
or for secure
ldaps://host.example.com:636/o=NetscapeRoot
- admin ID and password
- admin domain
- a CA certificate file may be required if you choose to use ldaps and
security has not yet been configured - the file must be in PEM/ASCII
format - specify the absolute path and filename

Configuration directory server URL [ldap://SERVER2:389/o=NetscapeRoot]:
Configuration directory server admin ID [admin]:
Configuration directory server admin password:
Configuration directory server admin password (confirm):
Configuration directory server admin domain [DOMAIN]: DOMAIN

=============================================================================
The information stored in the configuration directory server can be
separated into different Administration Domains. If you are managing
multiple software releases at the same time, or managing information
about multiple domains, you may use the Administration Domain to keep
them separate.

If you are not using administrative domains, press Enter to select the
default. Otherwise, enter some descriptive, unique name for the
administration domain, such as the name of the organization
responsible for managing the domain.

Administration Domain [DOMAIN]:

=============================================================================
The Administration Server is separate from any of your web or application
servers since it listens to a different port and access to it is
restricted.

Pick a port number between 1024 and 65535 to run your Administration
Server on. You should NOT use a port number which you plan to
run a web or application server on, rather, select a number which you
will remember and which will not be used for anything else.

Administration port [9830]:

=============================================================================
Registering new Config DS: SERVER2

=============================================================================
Input the Directory Server password on the server SERVER2:
Error: failed to register the configuration server info to the
Configuration Directory Server SERVER2.
Mister Anonyme wrote:
> > Date: Wed, 13 Aug 2008 14:03:31 -0600
> > From: rmeggins@redhat.com
> > To: fedora-directory-users@redhat.com
> > Subject: Re: [Fedora-directory-users] (no subject)
>
> > I think it is mentioned in the documentation.
>
> > http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication-Replicating-ADS-for-Failover.html
> > "2. Install and configure the second Directory Server instance. For the
> > second server, |server2.example.com|, use the |setup-ds.pl| command,
> > which installs a Directory Server instance without installing a local
> > Administration Server. "
> >
> > Which is what you did below anyway. However, there is a doc bug:
> > "ConfigFile = netscaperootdb.ldif example suffix entry"
> > This links to an example of the suffix only, which is what you did
> below
> > - the ldif only creates the suffix, not the associated database.
> >
> > The LDIF file should contain this:
> >
> > dn: cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config
> > objectclass: top
> > objectclass: extensibleObject
> > objectclass: nsBackendInstance
> > nsslapd-suffix: o=NetscapeRoot
> > cn: NetscapeRoot
> >
> > dn: cn=encrypted attribute keys,cn=NetscapeRoot,cn=ldbm
> > database,cn=plugins,cn=config
> > objectClass: top
> > objectClass: extensibleObject
> > cn: encrypted attributes keys
> >
> > dn: cn=encrypted attributes,cn=NetscapeRoot,cn=ldbm
> > database,cn=plugins,cn=config
> > objectClass: top
> > objectClass: extensibleObject
> > cn: encrypted attributes
> >
> > dn: cn="o=NetscapeRoot",cn=mapping tree,cn=config
> > objectclass: top
> > objectclass: extensibleObject
> > objectclass: nsMappingTree
> > cn: "o=NetscapeRoot"
> > nsslapd-state: backend
> > nsslapd-backend: NetscapeRoot
>
>
> Great! It fixed the issue.
>
> I was also able to synchronize between two servers.
>
> But, when I execute the register-ds-admin.pl (step 4), I have this:
>
> # /usr/sbin/register-ds-admin.pl
> Beginning registration of the Directory Server
> =============================================================================
> The Directory Server locates its configuration file (dse.ldif) at
> /etc/dirsrv/slapd-ID, by default. If you have Directory Server(s)
> which configuration file is put at the other location, you need to
> input it to register the server.
>
> If you have such Directory Server, type the full path that stores the
> configuration file.
>
> If you don't, type return.
> [configuration directory path or return]:
>
>
> =============================================================================
> Candidate servers to register:
> /etc/dirsrv/slapd-myinstance
>
> =============================================================================
> Do you want to use this server as Configuration Directory Server?
>
> Directory server identifier [myinstance]:
>
> =============================================================================
> The server must run as a specific user in a specific group.
> It is strongly recommended that this user should have no privileges
> on the computer (i.e. a non-root user). The setup procedure
> will give this user/group some permissions in specific paths/files
> to perform server-specific operations.
>
> If you have not yet created a user and group for the server,
> create this user and group using your native operating
> system utilities.
>
> System User [nobody]:
> System Group [nobody]:
>
> =============================================================================
> Please specify the information about your configuration directory
> server. The following information is required:
> - host (fully qualified), port (non-secure or secure), suffix,
> protocol (ldap or ldaps) - this information should be provided in the
> form of an LDAP url e.g. for non-secure
> ldap://host.example.com:389/o=NetscapeRoot
> or for secure
> ldaps://host.example.com:636/o=NetscapeRoot
> - admin ID and password
> - admin domain
> - a CA certificate file may be required if you choose to use ldaps and
> security has not yet been configured - the file must be in PEM/ASCII
> format - specify the absolute path and filename
>
> Configuration directory server URL [ldap://SERVER2:389/o=NetscapeRoot]:
> Configuration directory server admin ID [admin]:
> Configuration directory server admin password:
> Configuration directory server admin password (confirm):
> Configuration directory server admin domain [DOMAIN]: DOMAIN
>
> =============================================================================
> The information stored in the configuration directory server can be
> separated into different Administration Domains. If you are managing
> multiple software releases at the same time, or managing information
> about multiple domains, you may use the Administration Domain to keep
> them separate.
>
> If you are not using administrative domains, press Enter to select the
> default. Otherwise, enter some descriptive, unique name for the
> administration domain, such as the name of the organization
> responsible for managing the domain.
>
> Administration Domain [DOMAIN]:
>
> =============================================================================
> The Administration Server is separate from any of your web or application
> servers since it listens to a different port and access to it is
> restricted.
>
> Pick a port number between 1024 and 65535 to run your Administration
> Server on. You should NOT use a port number which you plan to
> run a web or application server on, rather, select a number which you
> will remember and which will not be used for anything else.
>
> Administration port [9830]:
>
> =============================================================================
> Registering new Config DS: SERVER2
>
> =============================================================================
> Input the Directory Server password on the server SERVER2:
> Error: failed to register the configuration server info to the
> Configuration Directory Server SERVER2.

Hmm - not sure. Either earlier attempts have broken something past the
point of repair, or there is a bug in register-ds-admin.pl - maybe it
expects o=NetscapeRoot to not already exist? But then the setup step
earlier would fail without it. Try register-ds-admin.pl -ddd
> Date: Wed, 13 Aug 2008 14:57:59 -0600
> From: rmeggins@redhat.com
> To: fedora-directory-users@redhat.com
> Subject: Re: [Fedora-directory-users] (no subject)

=============================================================================
> > Input the Directory Server password on the server SERVER2:
> > Error: failed to register the configuration server info to the
> > Configuration Directory Server SERVER2.
> Hmm - not sure. Either earlier attempts have broken something past the
> point of repair, or there is a bug in register-ds-admin.pl - maybe it
> expects o=NetscapeRoot to not already exist? But then the setup step
> earlier would fail without it. Try register-ds-admin.pl -ddd

OK.

I deinstalled all packages and did a rm -rf of all directories like this:

rm -rf /etc/dirsrv /usr/lib/dirsrv /usr/share/dirsrv /var/lib/dirsrv/ /var/lock/dirsrv /var/log/dirsrv /usr/share/dirsrv/manual/en/admin /tmp/setup*.{log,inf}

And re-installed and I ran /usr/sbin/setup-ds.pl with the same LDIF
files that I showed you earlier with a fix that you provided. After,
I did a synchronize of the replication with success (replication
status confirmed that it worked). In other words, it went without any
errors.

Then, I did a /usr/sbin/register-ds-admin.pl -ddd on the second server
and there you go:

[root@SERVER2 ~]# /usr/sbin/register-ds-admin.pl -ddd
Beginning registration of the Directory Server
=============================================================================
The Directory Server locates its configuration file (dse.ldif) at
/etc/dirsrv/slapd-ID, by default. If you have Directory Server(s)
which configuration file is put at the other location, you need to
input it to register the server.

If you have such Directory Server, type the full path that stores the
configuration file.

If you don't, type return.
[configuration directory path or return]:


=============================================================================
Candidate servers to register:
/etc/dirsrv/slapd-SERVER2

=============================================================================
Do you want to use this server as Configuration Directory Server?

Directory server identifier [SERVER2]:

=============================================================================
The server must run as a specific user in a specific group.
It is strongly recommended that this user should have no privileges
on the computer (i.e. a non-root user). The setup procedure
will give this user/group some permissions in specific paths/files
to perform server-specific operations.

If you have not yet created a user and group for the server,
create this user and group using your native operating
system utilities.

System User [nobody]:
System Group [nobody]:

=============================================================================
Please specify the information about your configuration directory
server. The following information is required:
- host (fully qualified), port (non-secure or secure), suffix,
protocol (ldap or ldaps) - this information should be provided in the
form of an LDAP url e.g. for non-secure
ldap://host.example.com:389/o=NetscapeRoot
or for secure
ldaps://host.example.com:636/o=NetscapeRoot
- admin ID and password
- admin domain
- a CA certificate file may be required if you choose to use ldaps and
security has not yet been configured - the file must be in PEM/ASCII
format - specify the absolute path and filename

Configuration directory server URL [ldap://SERVER2:389/o=NetscapeRoot]:
Configuration directory server admin ID [admin]:
Configuration directory server admin password:
Configuration directory server admin password (confirm):
Configuration directory server admin domain [DOMAIN.NET]: DOMAIN.NET

=============================================================================
The information stored in the configuration directory server can be
separated into different Administration Domains. If you are managing
multiple software releases at the same time, or managing information
about multiple domains, you may use the Administration Domain to keep
them separate.

If you are not using administrative domains, press Enter to select the
default. Otherwise, enter some descriptive, unique name for the
administration domain, such as the name of the organization
responsible for managing the domain.

Administration Domain [DOMAIN.NET]: DOMAIN.NET

=============================================================================
The Administration Server is separate from any of your web or application
servers since it listens to a different port and access to it is
restricted.

Pick a port number between 1024 and 65535 to run your Administration
Server on. You should NOT use a port number which you plan to
run a web or application server on, rather, select a number which you
will remember and which will not be used for anything else.

Administration port [9830]:

=============================================================================
Registering new Config DS: SERVER2

=============================================================================
Input the Directory Server password on the server SERVER2:
+Processing /usr/share/dirsrv/data/10dsdata.ldif.tmpl ...
+++check_and_add_entry: Found entry o=NetscapeRoot
+++Adding attr=aci value=(targetattr = "*")(version 3.0; acl "SIE Group (SERVER2)"; allow (all) groupdn = "ldap:///cn=slapd-SERVER2, cn=Red Hat Directory Server, cn=Server Group, cn=SERVER2., ou=DOMAIN, o=NetscapeRoot";) to entry o=NetscapeRoot
+++check_and_add_entry: Entry not found cn=Red Hat Directory Server, cn=Server Group, cn=SERVER2., ou=DOMAIN, o=NetscapeRoot error No such object
+ERROR: adding an entry cn=Red Hat Directory Server, cn=Server Group, cn=SERVER2., ou=DOMAIN, o=NetscapeRoot failed, error: No such object
dn: cn=Red Hat Directory Server, cn=Server Group, cn=SERVER2., ou DOMAIN, o=NetscapeRoot
objectclass: nsApplication
objectclass: groupOfUniqueNames
objectclass: top
cn: Red Hat Directory Server
nsproductname: Red Hat Directory Server
nsproductversion: 8.0.0
nsnickname: slapd
nsbuildnumber: 2007.353.1757
nsvendor: Red Hat
installationtimestamp: 20080814121046Z
nsexpirationdate: 0
nsbuildsecurity: domestic
uniquemember: cn=slapd-SERVER2, cn=Red Hat Directory Server, cn=Server Group,
 cn=SERVER2., ou=DOMAIN, o=NetscapeRoot
nsservermigrationclassname: com.netscape.admin.dirserv.task.MigrateCreate@redh
 at-ds-8.0.jar@cn=admin-serv-SERVER2, cn=Red Hat Administration Server, cn=Se
 rver Group, cn=SERVER2., ou=DOMAIN, o=NetscapeRoot
nsservercreationclassname: com.netscape.admin.dirserv.task.MigrateCreate@redha
 t-ds-8.0.jar@cn=admin-serv-SERVER2, cn=Red Hat Administration Server, cn=Ser
 ver Group, cn=SERVER2., ou=DOMAIN, o=NetscapeRoot

+ERROR: There was an error processing entry cn=Red Hat Directory Server, cn=Server Group, cn=SERVER2., ou=DOMAIN, o=NetscapeRoot
+Cannot continue processing entries.
Error: failed to register the configuration server info to the
Configuration Directory Server SERVER2.

Thanks again for your help.
Mister Anonyme wrote:
> > Date: Wed, 13 Aug 2008 14:57:59 -0600
> > From: rmeggins@redhat.com
> > To: fedora-directory-users@redhat.com
> > Subject: Re: [Fedora-directory-users] (no subject)
> =============================================================================
> > > Input the Directory Server password on the server SERVER2:
> > > Error: failed to register the configuration server info to the
> > > Configuration Directory Server SERVER2.
> > Hmm - not sure. Either earlier attempts have broken something past the
> > point of repair, or there is a bug in register-ds-admin.pl - maybe it
> > expects o=NetscapeRoot to not already exist? But then the setup step
> > earlier would fail without it. Try register-ds-admin.pl -ddd
>
> OK.
>
> I deinstalled all packages and did a rm -rf of all directories like this:
>
> rm -rf /etc/dirsrv /usr/lib/dirsrv /usr/share/dirsrv /var/lib/dirsrv/
> /var/lock/dirsrv /var/log/dirsrv /usr/share/dirsrv/manual/en/admin
> /tmp/setup*.{log,inf}
>
> And re-installed and I ran /usr/sbin/setup-ds.pl with the same LDIF
> files that I showed you earlier with a fix that you provided. After,
> I did a synchronize of the replication with success (replication
> status confirmed that it worked). In other words, it went without any
> errors.
>
> Then, I did a /usr/sbin/register-ds-admin.pl -ddd on the second server
> and there you go:
>
> [root@SERVER2 ~]# /usr/sbin/register-ds-admin.pl -ddd
> Beginning registration of the Directory Server
> =============================================================================
> The Directory Server locates its configuration file (dse.ldif) at
> /etc/dirsrv/slapd-ID, by default. If you have Directory Server(s)
> which configuration file is put at the other location, you need to
> input it to register the server.
>
> If you have such Directory Server, type the full path that stores the
> configuration file.
>
> If you don't, type return.
> [configuration directory path or return]:
>
>
> =============================================================================
> Candidate servers to register:
> /etc/dirsrv/slapd-SERVER2
>
> =============================================================================
> Do you want to use this server as Configuration Directory Server?
>
> Directory server identifier [SERVER2]:
>
> =============================================================================
> The server must run as a specific user in a specific group.
> It is strongly recommended that this user should have no privileges
> on the computer (i.e. a non-root user). The setup procedure
> will give this user/group some permissions in specific paths/files
> to perform server-specific operations.
>
> If you have not yet created a user and group for the server,
> create this user and group using your native operating
> system utilities.
>
> System User [nobody]:
> System Group [nobody]:
>
> =============================================================================
> Please specify the information about your configuration directory
> server. The following information is required:
> - host (fully qualified), port (non-secure or secure), suffix,
> protocol (ldap or ldaps) - this information should be provided in the
> form of an LDAP url e.g. for non-secure
> ldap://host.example.com:389/o=NetscapeRoot
> or for secure
> ldaps://host.example.com:636/o=NetscapeRoot
> - admin ID and password
> - admin domain
> - a CA certificate file may be required if you choose to use ldaps and
> security has not yet been configured - the file must be in PEM/ASCII
> format - specify the absolute path and filename
>
> Configuration directory server URL [ldap://SERVER2:389/o=NetscapeRoot]:
> Configuration directory server admin ID [admin]:
> Configuration directory server admin password:
> Configuration directory server admin password (confirm):
> Configuration directory server admin domain [DOMAIN.NET]: DOMAIN.NET
>
> =============================================================================
> The information stored in the configuration directory server can be
> separated into different Administration Domains. If you are managing
> multiple software releases at the same time, or managing information
> about multiple domains, you may use the Administration Domain to keep
> them separate.
>
> If you are not using administrative domains, press Enter to select the
> default. Otherwise, enter some descriptive, unique name for the
> administration domain, such as the name of the organization
> responsible for managing the domain.
>
> Administration Domain [DOMAIN.NET]: DOMAIN.NET
>
> =============================================================================
> The Administration Server is separate from any of your web or application
> servers since it listens to a different port and access to it is
> restricted.
>
> Pick a port number between 1024 and 65535 to run your Administration
> Server on. You should NOT use a port number which you plan to
> run a web or application server on, rather, select a number which you
> will remember and which will not be used for anything else.
>
> Administration port [9830]:
>
> =============================================================================
> Registering new Config DS: SERVER2
>
> =============================================================================
> Input the Directory Server password on the server SERVER2:
> +Processing /usr/share/dirsrv/data/10dsdata.ldif.tmpl ...
> +++check_and_add_entry: Found entry o=NetscapeRoot
> +++Adding attr=aci value=(targetattr = "*")(version 3.0; acl "SIE
> Group (SERVER2)"; allow (all) groupdn = "ldap:///cn=slapd-SERVER2,
> cn=Red Hat Directory Server, cn=Server Group, cn=SERVER2., ou=DOMAIN,
> o=NetscapeRoot";) to entry o=NetscapeRoot
> +++check_and_add_entry: Entry not found cn=Red Hat Directory Server,
> cn=Server Group, cn=SERVER2., ou=DOMAIN, o=NetscapeRoot error No such
> object
> +ERROR: adding an entry cn=Red Hat Directory Server, cn=Server Group,
> cn=SERVER2., ou=DOMAIN, o=NetscapeRoot failed, error: No such object
> dn: cn=Red Hat Directory Server, cn=Server Group, cn=SERVER2., ou
> DOMAIN, o=NetscapeRoot
> objectclass: nsApplication
> objectclass: groupOfUniqueNames
> objectclass: top
> cn: Red Hat Directory Server
> nsproductname: Red Hat Directory Server
> nsproductversion: 8.0.0
> nsnickname: slapd
> nsbuildnumber: 2007.353.1757
> nsvendor: Red Hat
> installationtimestamp: 20080814121046Z
> nsexpirationdate: 0
> nsbuildsecurity: domestic
> uniquemember: cn=slapd-SERVER2, cn=Red Hat Directory Server, cn=Server
> Group,
> cn=SERVER2., ou=DOMAIN, o=NetscapeRoot
> nsservermigrationclassname:
> com.netscape.admin.dirserv.task.MigrateCreate@redh
> at-ds-8.0.jar@cn=admin-serv-SERVER2, cn=Red Hat Administration
> Server, cn=Se
> rver Group, cn=SERVER2., ou=DOMAIN, o=NetscapeRoot
> nsservercreationclassname:
> com.netscape.admin.dirserv.task.MigrateCreate@redha
> t-ds-8.0.jar@cn=admin-serv-SERVER2, cn=Red Hat Administration Server,
> cn=Ser
> ver Group, cn=SERVER2., ou=DOMAIN, o=NetscapeRoot
>
> +ERROR: There was an error processing entry cn=Red
Hat Directory > Server, cn=Server Group, cn=SERVER2., ou=DOMAIN, o=NetscapeRoot > +Cannot continue processing entries. > Error: failed to register the configuration server info to the > Configuration Directory Server SERVER2. > > Thanks again for your help.

Looks like https://bugzilla.redhat.com/show_bug.cgi?id=431103 again rears its ugly head.
> Date: Thu, 14 Aug 2008 08:30:18 -0600 > From: rmeggins@redhat.com > To: fedora-directory-users@redhat.com > Subject: Re: [Fedora-directory-users] (no subject) > > > Thanks again for your help. > Looks like https://bugzilla.redhat.com/show_bug.cgi?id=431103 again > rears its ugly head.

Finally, it worked... It wasn't easy to set up that kind of fail-over system, but it works now. Thanks for your time and help!