<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Thank you Rich!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span lang="EN-GB" style="font-size:9.0pt;color:#1F497D;mso-fareast-language:EN-GB">Jovan Vukotić</span></b><span lang="EN-GB" style="font-size:9.0pt;color:#1F497D;mso-fareast-language:EN-GB"> • Senior Software
Engineer • Ambit Treasury Management • SunGard • Banking • Bulevar Milutina Milankovića 136b, Belgrade, Serbia • tel: +381.11.6555-66-1 • <a href="mailto:jovan.vukotic@sungard.com">jovan.vukotic@sungard.com</a><o:p></o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-GB" style="font-size:9.0pt;color:#595959;mso-fareast-language:EN-GB">Join the online conversation with SunGard’s customers, partners and Industry experts and find an event near you at:
</span></b><span style="color:#1F497D"><a href="http://www.capitalize-on-change.com/?email=70150000000Y1Et"><b><span lang="EN-GB" style="font-size:9.0pt;mso-fareast-language:EN-GB">www.sungard.com/ten</span></b></a></span><b><span lang="EN-GB" style="font-size:9.0pt;color:#1F497D;mso-fareast-language:EN-GB">.
<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"> Rich Megginson [mailto:rmeggins@redhat.com]
<br>
<b>Sent:</b> Friday, June 21, 2013 5:29 PM<br>
<b>To:</b> General discussion list for the 389 Directory server project.<br>
<b>Cc:</b> Vukotic, Jovan; Mehta, Cyrus<br>
<b>Subject:</b> Re: [389-users] DES hash values in replicationAgreement with Simple Bind<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 06/21/2013 08:56 AM, <a href="mailto:Jovan.VUKOTIC@sungard.com">
Jovan.VUKOTIC@sungard.com</a> wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Hi, <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">We have four 389 DS masters, version 1.2.11 that we are organizing in multi-master replication topology.<o:p></o:p></p>
<p class="MsoNormal">On one host we do not have admin server and consequently do not have an option to use 389 Management Console to configure replication agreements.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I configured it from the command line as per Administration Guide( replication manager, changelog, supplier replica and replication agreements entries), but could not establish connection to neither servers from the Agreement due to Invalid
credentials error (49).<o:p></o:p></p>
<p class="MsoNormal">I suspect the problem is DES hash of <o:p></o:p></p>
<p class="MsoNormal" style="text-indent:.5in">nsDS5ReplicaCredentials <o:p></o:p></p>
<p class="MsoNormal">attribute value.<o:p></o:p></p>
<p class="MsoNormal">I copied it from another Replication Agreement from the other DS instance pointing to the same Multi-Master replica.<o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif""><br>
You can't do that.<br>
<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal">That replication Agreement was created in 389 Console and worked fine (i.e. replica got acquired). Hence, I thought since the replication manager entry is the same, copied DES hash would be OK.<o:p></o:p></p>
<p class="MsoNormal">It did not work. <o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif"">Right, you can't do that.<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Furthermore, when compared with the DES hash created for that very replication manager entry on the third server( again via 389 Console, just for the sake of the test) it turned out to be different.<o:p></o:p></p>
<p class="MsoNormal">Do you know any command analog to pwdhash that can generate hash in DES format?<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif"">No.<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal">If not, how then to provide nsDS5ReplicaCredentials attribute value of replication agreement entry?<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif"">ldapmodify:<br>
<br>
ldapmodify ... <<EOF<br>
dn: <o:p></o:p></span></p>
<p class="MsoNormal">cn=rAgrmnt1,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">=config<br>
changetype: modify<br>
replace: nsDS5ReplicaCredentials<br>
nsDS5ReplicaCredentials: the new clear text password<br>
EOF<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">FY reference, I used the following entry to do create Replication agreement:<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">dn: cn=rAgrmnt1,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn<o:p></o:p></p>
<p class="MsoNormal">=config<o:p></o:p></p>
<p class="MsoNormal">objectClass: top<o:p></o:p></p>
<p class="MsoNormal">objectClass: nsDS5ReplicationAgreement<o:p></o:p></p>
<p class="MsoNormal">description: inst1 supplies inst2<o:p></o:p></p>
<p class="MsoNormal">cn: rAgrmnt1<o:p></o:p></p>
<p class="MsoNormal">nsDS5ReplicaRoot: dc=example,dc=com<o:p></o:p></p>
<p class="MsoNormal">nsDS5ReplicaHost: consumer.replica.com<o:p></o:p></p>
<p class="MsoNormal">nsDS5ReplicaPort: 389<o:p></o:p></p>
<p class="MsoNormal">nsDS5ReplicaBindDN: uid=ReplManager,cn=config<o:p></o:p></p>
<p class="MsoNormal">nsDS5ReplicaTransportInfo: TLS<o:p></o:p></p>
<p class="MsoNormal">nsDS5ReplicaBindMethod: SIMPLE<o:p></o:p></p>
<p class="MsoNormal">nsDS5ReplicaCredentials: {DES}secret //copied from another servers dse.ldif file, from its agreement with the same nsDS5ReplicaHost<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I will appreciate any help.<o:p></o:p></p>
<p class="MsoNormal">Thank you<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span lang="EN-GB" style="font-size:9.0pt;color:#1F497D;mso-fareast-language:EN-GB">Jovan Vukotić</span></b><span lang="EN-GB" style="font-size:9.0pt;color:#1F497D;mso-fareast-language:EN-GB"> • Senior Software
Engineer • Ambit Treasury Management • SunGard • Banking • Bulevar Milutina Milankovića 136b, Belgrade, Serbia • tel: +381.11.6555-66-1 • <a href="mailto:jovan.vukotic@sungard.com">jovan.vukotic@sungard.com</a></span><o:p></o:p></p>
<p class="MsoNormal"><a href="http://www.capitalize-on-change.com/?email=70150000000Y1Et"><span style="text-decoration:none"><img border="0" width="289" height="54" id="Picture_x0020_3" src="cid:image001.gif@01CE6EBA.05C98B70" alt="Description: Description: Description: Description:
Description: coc-signature-03-2012"></span></a><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D;mso-fareast-language:EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span lang="EN-GB" style="font-size:9.0pt;color:#595959;mso-fareast-language:EN-GB">Join the online conversation with SunGard’s customers, partners and Industry experts and find an event near you at:
</span></b><span style="color:#1F497D"><a href="http://www.capitalize-on-change.com/?email=70150000000Y1Et"><b><span lang="EN-GB" style="font-size:9.0pt;mso-fareast-language:EN-GB">www.sungard.com/ten</span></b></a></span><b><span lang="EN-GB" style="font-size:9.0pt;color:#1F497D;mso-fareast-language:EN-GB">.
</span></b><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif""><br>
<br>
<br>
<o:p></o:p></span></p>
<pre>--<o:p></o:p></pre>
<pre>389 users mailing list<o:p></o:p></pre>
<pre><a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><o:p></o:p></pre>
<pre><a href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif""><o:p> </o:p></span></p>
</div>
</body>
</html>