<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 06/21/2013 08:56 AM,
<a class="moz-txt-link-abbreviated" href="mailto:Jovan.VUKOTIC@sungard.com">Jovan.VUKOTIC@sungard.com</a> wrote:<br>
</div>
<blockquote
cite="mid:31712051F6CB4B489954AC38B582F40D4BFA3508@emea-tc2-mb02.internal.sungard.corp"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Hi, <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We have four 389 DS masters, version 1.2.11
that we are organizing in multi-master replication topology.<o:p></o:p></p>
<p class="MsoNormal">On one host we do not have admin server and
consequently do not have an option to use 389 Management
Console to configure replication agreements.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I configured it from the command line as
per Administration Guide( replication manager, changelog,
supplier replica and replication agreements entries), but
could not establish connection to neither servers from the
Agreement due to Invalid credentials error (49).<o:p></o:p></p>
<p class="MsoNormal">I suspect the problem is DES hash of <o:p></o:p></p>
<p class="MsoNormal" style="text-indent:.5in">nsDS5ReplicaCredentials
<o:p></o:p></p>
<p class="MsoNormal">attribute value.<o:p></o:p></p>
<p class="MsoNormal">I copied it from another Replication
Agreement from the other DS instance pointing to the same
Multi-Master replica.</p>
</div>
</blockquote>
<br>
You can't do that.<br>
<br>
<blockquote
cite="mid:31712051F6CB4B489954AC38B582F40D4BFA3508@emea-tc2-mb02.internal.sungard.corp"
type="cite">
<div class="WordSection1">
<p class="MsoNormal">That replication Agreement was created in
389 Console and worked fine (i.e. replica got acquired).
Hence, I thought since the replication manager entry is the
same, copied DES hash would be OK.<o:p></o:p></p>
<p class="MsoNormal">It did not work. </p>
</div>
</blockquote>
Right, you can't do that.<br>
<blockquote
cite="mid:31712051F6CB4B489954AC38B582F40D4BFA3508@emea-tc2-mb02.internal.sungard.corp"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Furthermore, when compared with the DES
hash created for that very replication manager entry on the
third server( again via 389 Console, just for the sake of the
test) it turned out to be different.<o:p></o:p></p>
<p class="MsoNormal">Do you know any command analog to pwdhash
that can generate hash in DES format?</p>
</div>
</blockquote>
No.<br>
<blockquote
cite="mid:31712051F6CB4B489954AC38B582F40D4BFA3508@emea-tc2-mb02.internal.sungard.corp"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal">If not, how then to provide
nsDS5ReplicaCredentials attribute value of replication
agreement entry?</p>
</div>
</blockquote>
ldapmodify:<br>
<br>
ldapmodify ... <<EOF<br>
dn: <br>
<p class="MsoNormal">cn=rAgrmnt1,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping
tree,cn<o:p></o:p></p>
<p class="MsoNormal">=config<br>
changetype: modify<br>
replace: nsDS5ReplicaCredentials<br>
nsDS5ReplicaCredentials: the new clear text password<br>
EOF<br>
<br>
</p>
<blockquote
cite="mid:31712051F6CB4B489954AC38B582F40D4BFA3508@emea-tc2-mb02.internal.sungard.corp"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">FY reference, I used the following entry to
do create Replication agreement:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">dn:
cn=rAgrmnt1,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping
tree,cn<o:p></o:p></p>
<p class="MsoNormal">=config<o:p></o:p></p>
<p class="MsoNormal">objectClass: top<o:p></o:p></p>
<p class="MsoNormal">objectClass: nsDS5ReplicationAgreement<o:p></o:p></p>
<p class="MsoNormal">description: inst1 supplies inst2<o:p></o:p></p>
<p class="MsoNormal">cn: rAgrmnt1<o:p></o:p></p>
<p class="MsoNormal">nsDS5ReplicaRoot: dc=example,dc=com<o:p></o:p></p>
<p class="MsoNormal">nsDS5ReplicaHost: consumer.replica.com<o:p></o:p></p>
<p class="MsoNormal">nsDS5ReplicaPort: 389<o:p></o:p></p>
<p class="MsoNormal">nsDS5ReplicaBindDN:
uid=ReplManager,cn=config<o:p></o:p></p>
<p class="MsoNormal">nsDS5ReplicaTransportInfo: TLS<o:p></o:p></p>
<p class="MsoNormal">nsDS5ReplicaBindMethod: SIMPLE<o:p></o:p></p>
<p class="MsoNormal">nsDS5ReplicaCredentials:
{DES}secret //copied from another servers dse.ldif
file, from its agreement with the same nsDS5ReplicaHost<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I will appreciate any help.<o:p></o:p></p>
<p class="MsoNormal">Thank you<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span
style="font-size:9.0pt;color:#1F497D;mso-fareast-language:EN-GB"
lang="EN-GB">Jovan Vukotić</span></b><span
style="font-size:9.0pt;color:#1F497D;mso-fareast-language:EN-GB"
lang="EN-GB"> • Senior Software Engineer • Ambit Treasury
Management • SunGard • Banking • Bulevar Milutina
Milankovića 136b, Belgrade, Serbia • tel: +381.11.6555-66-1
• <a moz-do-not-send="true"
href="mailto:jovan.vukotic@sungard.com"><span
style="color:blue">jovan.vukotic@sungard.com</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><a moz-do-not-send="true"
href="http://www.capitalize-on-change.com/?email=70150000000Y1Et"><span
style="color:blue;text-decoration:none"><img
id="Picture_x0020_3"
src="cid:part2.07050509.04060309@redhat.com"
alt="Description: Description: Description: Description:
Description: coc-signature-03-2012" border="0"
height="54" width="289"></span></a><span
style="color:#1F497D;mso-fareast-language:EN-GB"
lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:EN-GB"
lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size:9.0pt;color:#595959;mso-fareast-language:EN-GB"
lang="EN-GB">Join the online conversation with SunGard’s
customers, partners and Industry experts and find an event
near you at:
</span></b><span style="color:#1F497D"><a
moz-do-not-send="true"
href="http://www.capitalize-on-change.com/?email=70150000000Y1Et"><b><span
style="font-size:9.0pt;color:blue;mso-fareast-language:EN-GB"
lang="EN-GB">www.sungard.com/ten</span></b></a></span><b><span
style="font-size:9.0pt;color:#1F497D;mso-fareast-language:EN-GB"
lang="EN-GB">.
<o:p></o:p></span></b></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">--
389 users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a>
<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</blockquote>
<br>
</body>
</html>