iplanet ldap 5.1. replication.

From: synrat (synrat@wirewalk.org)
Date: Mon Dec 15 2003 - 15:55:09 EST


Hi everybody. I'm having a bit of a problem getting replication working
with LDAP bundled with Solaris 9. I'm following the example from the Haines
and Bialaski book (LDAP in the Solaris operating env, deploying secure
services).

I have 2 machines running Sol9 and iPlanet LDAP 5.1, sun1 and sun2
respectively. I'm trying to do multimaster replication, so that if
anything should happen to either machine or instance of LDAP, the
directory is still available for reading and writing.

The book suggests creating an account for replication and a unique id for
nsds5replicaid on each machine. (There were no object classes used in the
book for Replication Manager, so I used top,person. It wouldn't import it
otherwise.)

dn: cn=Replication Manager, cn=replication, cn=config
changetype: add
objectclass: top
objectclass: person
sn: Replication Manager
userPassword: mypassword

dn: cn=replica,cn="dc=mydomain,dc=com",cn=mapping tree, cn=config
changetype: add
objectclass: top
objectclass: nsds5replica
objectclass: extensibleObject
cn: replica
nsds5replicaroot: dc=mydomain,dc=com
nsds5replicaid: 1
nsds5replicatype: 3
nsds5flags: 1
nsds5replicationbinddn: cn:Replication Manager, cn=replication, cn=config
nsds5ReplicaPurgeDelay: 864000
nsds5ReplicaTombstonePurgeInterval: 1800

then agreements for both machines using different host names and
credentials for Replication Manager

dn: cn=agreement1, cn=replica, cn="dc=mydomain,dc=com",cn=mapping tree,cn=config
changetype: add
objectclass: top
objectclass: nsds5ReplicationAgreement
cn: agreement1
nsDS5ReplicaHost: ldap2.mydomain.com
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=Replication Manager, cn=replication, cn=config
nsDS5ReplicaCredentials: mypasswd
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaRoot: dc=mydomain,dc=com
description: Replication from ldap1 to ldap2

and finally initiating replication

dn: cn=agreement1, cn=replica, cn="dc=mydomain,dc=com", cn=mapping tree, cn=config
changetype: modify
replace: nsds5BeginReplicaRefresh
nsds5BeginReplicaRefresh: start

all entries get imported just fine, but then I get the following in my log
files ( on both machines, with the right hostnames )

[15/Dec/2003:09:55:30 -0500] NSMMReplicationPlugin - Unable to acquire
replica "cn=agreement1, cn=replica, cn="dc=mydomain,dc=com",cn=mapping
tree,cn=config (host ldap2.mydomain.com, port 389)": permission denied.
The bind dn "cn=Replication Manager, cn=replication, cn=config" does not
have permission to supply replication updates to the replica. Will retry
later
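A lint for replication LDIF of the shape posted above, added here as an example and not part of the original message: it checks that the replica entry carries a well-formed nsDS5ReplicaBindDN and that each agreement binds as that DN. The function names and the sample entries are assumptions made for illustration.

```python
# Added example. Assumption: a master accepts updates only from the DN held in
# nsDS5ReplicaBindDN on its replica entry. SAMPLE is constructed for illustration.
SAMPLE = """\
dn: cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectclass: nsds5replica
nsDS5ReplicaBindDN: cn:Replication Manager, cn=replication, cn=config

dn: cn=agreement1,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectclass: nsds5ReplicationAgreement
nsDS5ReplicaBindDN: cn=Replication Manager, cn=replication, cn=config
"""

def parse_ldif(text):
    """Records as {lowercased attr: [values]}; folded lines are rejoined."""
    records = []
    for block in text.replace("\n ", "").split("\n\n"):
        rec = {}
        for line in block.splitlines():
            if line.strip() and not line.startswith("#"):
                attr, _, value = line.partition(":")
                rec.setdefault(attr.strip().lower(), []).append(value.strip())
        if rec:
            records.append(rec)
    return records

def norm_dn(dn):
    """Normalised DN, or None if an RDN is not attr=value (no escaped commas)."""
    parts = [rdn.partition("=") for rdn in dn.split(",")]
    if any(not eq or not a.strip() or ":" in a for a, eq, _ in parts):
        return None
    return ",".join(a.strip().lower() + "=" + v.strip().lower() for a, _, v in parts)

def lint(text):
    """Findings for replica/agreement bind DN mismatches; empty list if consistent."""
    findings, allowed, agreements = [], set(), []
    for rec in parse_ldif(text):
        classes = [c.lower() for c in rec.get("objectclass", [])]
        binds = rec.get("nsds5replicabinddn", [])
        if "nsds5replicationagreement" in classes:
            agreements.append((rec.get("dn", ["?"])[0], binds))
        elif "nsds5replica" in classes:
            if not binds:
                findings.append("replica: nsDS5ReplicaBindDN is not set")
            for dn in binds:
                if norm_dn(dn) is None:
                    findings.append("replica: malformed bind DN %r" % dn)
                else:
                    allowed.add(norm_dn(dn))
    findings += ["agreement %s: replica does not accept %r" % (name, dn)
                 for name, binds in agreements for dn in binds
                 if norm_dn(dn) not in allowed]
    return findings
```

Calling `lint(SAMPLE)` reports the malformed replica bind DN and the agreement that depends on it; an empty list means the two sides agree.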