Both servers have this entry in dse.ldif under<br>
/opt/fedora-ds/<server-name>/config<br>
<br>
dn: cn=replication manager,cn=config<br>
objectClass: inetorgperson<br>
objectClass: person<br>
objectClass: top<br>
objectClass: organizationalPerson<br>
cn: replication manager<br>
sn: RM<br>
userPassword: <br>
passwordExpirationTime: 20380119031407Z<br>
<br>Is this sufficient?<br>
<br><div><span class="gmail_quote">On 5/1/06, <b class="gmail_sendername">Richard Megginson</b> <<a href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Linux Admin wrote:<br>
> Richard,<br>
> I have tried disabling the pass-through on server 2 and unfortunately<br>
> I still can not replicate from 2 to 1.<br>
> Replication from 1 to 2 works fine. I had to manually create<br>
> NetscapeRoot on 2 initially, could it be that it is created with<br>
> a different set of attributes than on 1.<br>
> The error is 3. Permission denied.<br>
Make sure the user you are using as your supplier DN on server 1 exists<br>
on server 1 (and likewise for server 2). Try using ldapsearch from the<br>
command line - bind with your supplier DN and password - to see if you<br>
can use those credentials to search the suffix on both servers.<br>
> What else could it be?<br>
> Thanks for all your help.<br>
><br>
> On 4/28/06, *Linux Admin* <<a href="mailto:sysadmin.linux@gmail.com">sysadmin.linux@gmail.com</a>> wrote:<br>
><br>
> Richard,<br>
> Thanks, let me try. I am surprised there is no documentation at<br>
> all on NetscapeRoot replication.<br>
> Your help is very much appreciated.<br>
><br>
> On 4/28/06, *Richard Megginson* <<a href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>> wrote:<br>
><br>
> Linux Admin wrote:<br>
> > Richard,<br>
> > Thanks, this is very good.<br>
> > I do not want to really disable it right now,<br>
> I think you may need to disable it on the replica in order to make<br>
> replication work.<br>
> > I just want to have 2 way replication between Server 1 and Server 2,<br>
> > and used authenticate against server1. I would then setup in plugin<br>
> > authentication against both 1 and 2. Is this the right way?<br>
> > Thank you very much for your time and advice.<br>
> ><br>
> > On 4/28/06, *Richard Megginson* <<a href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>> wrote:<br>
> ><br>
> > Linux Admin wrote:<br>
> > > Folks,<br>
> > > Is it possible to set up multi-master replication of NetscapeRoot<br>
> > > configuration directory.<br>
> > > I have tried and I can successfully initialize subscribers from the<br>
> > > current configuration directory server.<br>
> > > However initialization of replication in opposite direction fails.<br>
> > ><br>
> > > Server 1 current conf dir -> Server 2: replication successful<br>
> > > o=NetscapeRoot is populated<br>
> > > Server 1 current conf dir <- Server 2: replication fails with error:<br>
> > > Permission denied. Error code 3<br>
> > Part of the problem is that, when you set up a second instance, the<br>
> > installer automatically enables pass through authentication for the<br>
> > console admin user, which allows that user to login as<br>
> > uid=admin,.....,o=NetscapeRoot on machines which do not have<br>
> > o=NetscapeRoot. So the first thing you need to do is to disable the<br>
> > pass through auth plugin (console -> directory console -> Configuration<br>
> > -> Plug-ins -> Pass Through -> uncheck the Enable box - then restart the<br>
> > server.<br>
> > > on Server 2 I had to manually create NetscapeRoot database.<br>
> > > What am I missing? Is it "idiot proof" feature?<br>
> > ><br>
> > > Thanks in advance for any help<br>
> > > SysLin<br>
> > >
<br>> ------------------------------------------------------------------------<br>
> > > --<br>
> > > Fedora-directory-users mailing list<br>
> > > <a href="mailto:Fedora-directory-users@redhat.com">Fedora-directory-users@redhat.com</a><br>
> > > <a href="https://www.redhat.com/mailman/listinfo/fedora-directory-users">https://www.redhat.com/mailman/listinfo/fedora-directory-users</a><br>
</blockquote></div><br>
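An offline companion to the ldapsearch check suggested in the thread, as an added example that is not part of the original messages: it reads a server's dse.ldif and reports whether the supplier DN entry exists, has a password, and is listed on the replica for o=NetscapeRoot. Assumptions: the replica entry is identified by the nsDS5ReplicaRoot and nsDS5ReplicaBindDN attributes, and the sample LDIF and function names are constructed for illustration.

```python
import re

SUPPLIER_DN = "cn=replication manager,cn=config"  # DN from the post
SUFFIX = "o=NetscapeRoot"                          # suffix from the thread

def parse_ldif(text):
    """Parse LDIF into entries: lowercase attribute name -> list of values."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.lstrip(":").strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def norm(dn):  # comparison key: lowercase, no spaces around commas
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())

def check_supplier(ldif_text, supplier_dn=SUPPLIER_DN, suffix=SUFFIX):
    """Return the reasons this server would refuse the supplier bind DN."""
    entries, problems = parse_ldif(ldif_text), []
    user = [e for e in entries if norm(e["dn"][0]) == norm(supplier_dn)]
    if not user:
        problems.append("supplier entry missing")
    elif not any(user[0].get("userpassword", [])):
        problems.append("supplier entry has no userPassword")
    # Assumption: the replica entry carries nsDS5ReplicaRoot/nsDS5ReplicaBindDN
    replicas = [e for e in entries
                if norm(suffix) in map(norm, e.get("nsds5replicaroot", []))]
    if not replicas:
        problems.append("no replica entry for " + suffix)
    elif norm(supplier_dn) not in map(norm, replicas[0].get("nsds5replicabinddn", [])):
        problems.append("replica does not list supplier DN in nsDS5ReplicaBindDN")
    return problems

# Constructed sample config, not taken from the thread's servers.
CONSUMER_OK = """\
dn: cn=replication manager,cn=config
userPassword: {SSHA}constructed-placeholder

dn: cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
nsDS5ReplicaRoot: o=NetscapeRoot
nsDS5ReplicaBindDN: cn=Replication Manager, cn=config
"""
CONSUMER_BAD = CONSUMER_OK.replace("nsDS5ReplicaBindDN", "description")  # bind DN not listed
```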