I reset the password of the replicaBindDn on both servers, and this
error stopped occurring.
However, I have a new error now:
[18/Mar/2014:16:22:24 -0500] NSMMReplicationPlugin -
agmt="cn=dc-ihc-dc-com-to-ds2" (test-ds2:389): Replica has a different
generation ID than the local data.
This is expected now that you resolved the replica bind issue. This
message is stating that the remote replica has not been initialized yet,
or it was overwritten, and it needs to be reinitialized.
This should help you:
and the replication agreement has a different status now:
dn: cn=dc-ihc-dc-com-to-ds2,cn=replica,cn=dc\3Dinfinityhealthcare\2Cdc\3Dcom,c
n=mapping tree,cn=config
objectClass: top
objectClass: nsDS5ReplicationAgreement
description: agreement to replicate dc=ihc,dc=com tree from ds1 to ds2
cn: dc-ihc-dc-com-to-ds2
nsDS5ReplicaRoot: dc=infinityhealthcare,dc=com
nsDS5ReplicaHost:
test-ds2.infinityhealthcare.com
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: uid=replica-manager,cn=config
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE authorityRevocationLis
t accountUnlockTime memberof
nsDS5ReplicaCredentials: {DES}Nz0qsqM5nShesnQPldsB7vYKQXOj2azjan8bTsUWxNM=
nsds50ruv: {replicageneration} 532892e8000000070000
nsds50ruv: {replica 7 ldap://test-ds2.infinityhealthcare.com:389}
nsds50ruv: {replica 14 ldap://test-ds1.infinityhealthcare.com:389}
nsruvReplicaLastModified: {replica 7 ldap://test-ds2.infinityhealthcare.com:38
9} 00000000
nsruvReplicaLastModified: {replica 14 ldap://test-ds1.infinityhealthcare.com:3
89} 00000000
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20140318212415Z
nsds5replicaLastUpdateEnd: 20140318212415Z
nsds5replicaChangesSentSinceStartup:
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
ate started
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 0
nsds5replicaLastInitEnd: 0
Any ideas?
Thanks,
Jon
----- Original Message -----
> From: "Jon Detert" <jdetert(a)infinityhealthcare.com>
> To: "General discussion list for the 389 Directory server project."
<389-users(a)lists.fedoraproject.org>
> Sent: Tuesday, March 18, 2014 3:59:10 PM
> Subject: [389-users] multi-master replication setup problem: both suppliers do
"not have permission to supply
> replication updates to the replica"
>
> Hi,
>
> I have two 389-ds servers. I want them to do multi-master replication to
> each other. Beyond these 2, there are no other servers.
>
> I tried to do this via the command-line, following RedHat's guide [2].
>
> However, /var/log/dirsrv/slapd-*/errors says this:
>
> [18/Mar/2014:15:02:10 -0500] NSMMReplicationPlugin - conn=22 op=3
> replica="o=infinityhealthcare.com": Unable to acquire replica: error:
> permission denied
> [18/Mar/2014:15:07:02 -0500] NSMMReplicationPlugin -
> agmt="cn=o-ihccom-to-ds2" (test-ds2:389): Unable to acquire replica:
> permission denied. The bind dn "uid=replica-manager,cn=config" does not
have
> permission to supply replication updates to the replica. Will retry later.
> [18/Mar/2014:15:07:02 -0500] NSMMReplicationPlugin -
> agmt="cn=dc-ihc-dc-com-to-ds2" (test-ds2:389): Unable to acquire replica:
> permission denied. The bind dn "uid=replica-manager,cn=config" does not
have
> permission to supply replication updates to the replica. Will retry later.
>
> Any ideas what to do to fix?
>
> In case it helps explain the problem, here is what one of the replication
> agreements looks like:
>
> dn:
> cn=dc-ihc-dc-com-to-ds2,cn=replica,cn=dc\3Dinfinityhealthcare\2Cdc\3Dcom,c
> n=mapping tree,cn=config
> objectClass: top
> objectClass: nsDS5ReplicationAgreement
> description: agreement to replicate dc=ihc,dc=com tree from ds1 to ds2
> cn: dc-ihc-dc-com-to-ds2
> nsDS5ReplicaRoot: dc=infinityhealthcare,dc=com
> nsDS5ReplicaHost:
test-ds2.infinityhealthcare.com
> nsDS5ReplicaPort: 389
> nsDS5ReplicaBindDN: uid=replica-manager,cn=config
> nsDS5ReplicaBindMethod: SIMPLE
> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE
> authorityRevocationLis
> t accountUnlockTime memberof
> nsDS5ReplicaCredentials: {DES}Nz0qsqM5nShesnQPldsB7vYKQXOj2azjan8bTsUWxNM=
> nsds5replicareapactive: 0
> nsds5replicaLastUpdateStart: 0
> nsds5replicaLastUpdateEnd: 0
> nsds5replicaChangesSentSinceStartup:
> nsds5replicaLastUpdateStatus: 3 Replication error acquiring replica:
> permissio
> n denied
> nsds5replicaUpdateInProgress: FALSE
> nsds5replicaLastInitStart: 0
> nsds5replicaLastInitEnd: 0
>
> and here is the replica on the other server, that this agreement refers to:
>
> dn: cn=replica,cn=dc\3Dinfinityhealthcare\2Cdc\3Dcom,cn=mapping
> tree,cn=config
> objectClass: top
> objectClass: nsds5replica
> objectClass: extensibleObject
> cn: replica
> nsDS5ReplicaRoot: dc=infinityhealthcare,dc=com
> nsDS5ReplicaId: 7
> nsDS5ReplicaType: 3
> nsDS5Flags: 1
> nsds5ReplicaPurgeDelay: 604800
> nsDS5ReplicaBindDN: uid=replica-manager,cn=config
> nsState:: BwAAAAAAAACSnChTAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAA==
> nsDS5ReplicaName: 8d64c603-aecc11e3-b040c130-71875861
> nsds5ReplicaChangeCount: 0
> nsds5replicareapactive: 0
>
>
> [1]
>
https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Serv...
>
>
> [2]
>
https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Serv...
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
Mark Reynolds
389 Development Team
Red Hat, Inc
mreynolds(a)redhat.com