Hey folks,
The HOWTO refers to a script that is at the end of a dead link
http://directory.fedoraproject.org/wiki/Howto:MultiMasterReplication
And the Red Hat docs tell me to do something that causes an error.
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Creating_the_Supplie...
The final entry should resemble Example 8.1, “Example Supplier Bind DN Entry”.
dn: cn=replication manager,cn=config
objectClass: inetorgperson
objectClass: person
objectClass: top
cn: replication manager
sn: RM
userPassword: password
passwordExpirationTime: 20380119031407Z

[root@sandbox2 ~]# /etc/init.d/dirsrv start
Starting dirsrv: sandbox2...[03/Dec/2009:16:31:30 -0500] - Entry "cn=replication manager,cn=config " has unknown object class "inetorgperson " (remove the trailing space)
[03/Dec/2009:16:31:30 -0500] - Entry "cn=replication manager,cn=config " has unknown object class "person " (remove the trailing space)
[03/Dec/2009:16:31:30 -0500] - Entry "cn=replication manager,cn=config " has unknown object class "top " (remove the trailing space)
[ OK ]
And clearly I do not know enough about LDAP at this point to know what the heck I'm doing here :-)
Both of my servers are set up with custom install but mostly defaults.
Help me Obi-Wan, you are my only hope :-)
BTW, I did order the O'Reilly LDAP book that everyone recommends - it shipped today.
Oh, and another question.
The first server seems to be working fine. When installing the 2nd one I came to this question and did not really know what it meant so I said "yes" and pointed it at the 1st server. Was this the right thing to do?
Do you want to register this software with an existing configuration directory server? [no]: yes
Alan McKay wrote:
Oh, and another question.
The first server seems to be working fine. When installing the 2nd one I came to this question and did not really know what it meant so I said "yes" and pointed it at the 1st server. Was this the right thing to do?
Do you want to register this software with an existing configuration directory server? [no]: yes
Yes. It just means you will be able to manage both servers from a single 389-console.
Alan McKay wrote:
Hey folks,
The HOWTO refers to a script that is at the end of a dead link
http://directory.fedoraproject.org/wiki/Howto:MultiMasterReplication
And the Red Hat docs tell me to do something that causes an error.
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Creating_the_Supplie...
The final entry should resemble Example 8.1, “Example Supplier Bind DN Entry”.
dn: cn=replication manager,cn=config
objectClass: inetorgperson
objectClass: person
objectClass: top
cn: replication manager
sn: RM
userPassword: password
passwordExpirationTime: 20380119031407Z

[root@sandbox2 ~]# /etc/init.d/dirsrv start
Starting dirsrv: sandbox2...[03/Dec/2009:16:31:30 -0500] - Entry "cn=replication manager,cn=config " has unknown object class "inetorgperson " (remove the trailing space)
[03/Dec/2009:16:31:30 -0500] - Entry "cn=replication manager,cn=config " has unknown object class "person " (remove the trailing space)
[03/Dec/2009:16:31:30 -0500] - Entry "cn=replication manager,cn=config " has unknown object class "top " (remove the trailing space)
[ OK ]
In the LDIF above, each line ends with the space character. LDAP does not like that. That's what the error messages are telling you.
And clearly I do not know enough about LDAP at this point to know what the heck I'm doing here :-)
Both of my servers are set up with custom install but mostly defaults.
Help me Obi-Wan, you are my only hope :-)
BTW, I did order the O'Reilly LDAP book that everyone recommends - it shipped today.
On 12/03/2009 01:41 PM, Alan McKay wrote:
Hey folks,
The HOWTO refers to a script that is at the end of a dead link
http://directory.fedoraproject.org/wiki/Howto:MultiMasterReplication
And the Red Hat docs tell me to do something that causes an error.
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Creating_the_Supplie...
The final entry should resemble Example 8.1, “Example Supplier Bind DN Entry”.
dn: cn=replication manager,cn=config
objectClass: inetorgperson
objectClass: person
objectClass: top
cn: replication manager
sn: RM
userPassword: password
passwordExpirationTime: 20380119031407Z

[root@sandbox2 ~]# /etc/init.d/dirsrv start
Starting dirsrv: sandbox2...[03/Dec/2009:16:31:30 -0500] - Entry "cn=replication manager,cn=config " has unknown object class "inetorgperson " (remove the trailing space)
[03/Dec/2009:16:31:30 -0500] - Entry "cn=replication manager,cn=config " has unknown object class "person " (remove the trailing space)
[03/Dec/2009:16:31:30 -0500] - Entry "cn=replication manager,cn=config " has unknown object class "top " (remove the trailing space)
[ OK ]
And clearly I do not know enough about LDAP at this point to know what the heck I'm doing here :-)
Both of my servers are set up with custom install but mostly defaults.
Help me Obi-Wan, you are my only hope :-)
As the error message states, you have trailing spaces at the end of the "top", "person", and "inetorgperson" objectclass lines. Remove the trailing spaces.
BTW, I did order the O'Reilly LDAP book that everyone recommends - it shipped today.
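The trailing-space problem diagnosed in the replies above can be caught before an LDIF file is loaded. The following is an added example, not code from the thread or from the 389 project. It unfolds LDIF continuation lines, skips base64 (`::`) and URL (`:<`) values, and reports plain values that end in whitespace. The sample entry is constructed from the one quoted in this thread, and all function names are hypothetical.

```python
# Constructed sample: the entry from this thread, trailing spaces included.
SAMPLE_LDIF = (
    "dn: cn=replication manager,cn=config \n"
    "objectClass: inetorgperson \n"
    "objectClass: person \n"
    "objectClass: top \n"
    "cn: replication manager\n"
    "sn: RM\n"
    "description:: dHJhaWxpbmcg\n"  # base64 of "trailing ": space is intended
    "userPassword: password\n"
)

def unfold(text):
    """Yield (first_line_no, logical_line); a leading space continues a line."""
    current, start = None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.startswith(" ") and current is not None:
            current += raw[1:]
        else:
            if current is not None:
                yield start, current
            current, start = raw, no
    if current is not None:
        yield start, current

def is_encoded(line):
    """True for base64 (attr:: ...) or URL (attr:< ...) values."""
    return line.partition(":")[2].startswith((":", "<"))

def find_trailing_whitespace(text):
    """Return [(line_no, attribute, value)] for plain values ending in whitespace."""
    findings = []
    for no, line in unfold(text):
        if line.startswith("#") or ":" not in line or is_encoded(line):
            continue
        attr, _, rest = line.partition(":")
        value = rest.lstrip(" ")
        if value != value.rstrip():
            findings.append((no, attr, value))
    return findings

def cleaned(text):
    """Return unfolded LDIF with trailing whitespace removed from plain values."""
    lines = [l if is_encoded(l) else l.rstrip() for _, l in unfold(text)]
    return "\n".join(lines) + "\n"
```

A value that really must end in a space belongs in base64 form, which is why the `description::` line in the sample is left alone.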
OK, sorry again to cry wolf, but I think this is a real question this time :-) Back to the Red Hat doc it says :
Specify the replication settings for the multi-mastered read-write replica.
1. In the Directory Server Console, select the Configuration tab.
2. In the navigation tree, expand the Replication folder, and highlight the replica database. The Replica Settings tab for that database opens in the right-hand side of the window.
The picture they show does not give me enough detail, because when I expand the "Replication" folder to highlight the "replica database", I see 2 entries in there and I'm not sure which one to use. I see "NetscapeRoot" and "userRoot". I click on either of those and I see the tabs like in the Red Hat doc.
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Replication...
Well, I blew something.
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/images/replagmt1.png
When I got to this point I did not see at the bottom the subtree "dc=example,dc=com" I saw "NetscapeRoot"
Which means when I asked the other question about whether to choose "NetscapeRoot" or "userRoot", the answer must have been "neither". But those were the only two choices I had.
My replication failed with error 6. No such replica.
I'll go back and retrace my steps tomorrow - getting too late for this right now.
I recommend you follow this other howto:
http://directory.fedoraproject.org/wiki/Howto:WalkthroughMultimasterSSL
2009/12/3 Alan McKay alan.mckay@gmail.com:
Well, I blew something.
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/images/replagmt1.png
When I got to this point I did not see at the bottom the subtree "dc=example,dc=com" I saw "NetscapeRoot"
Which means when I asked the other question about whether to choose "NetscapeRoot" or "userRoot", the answer must have been "neither". But those were the only two choices I had.
My replication failed with error 6. No such replica.
I'll go back and retrace my steps tomorrow - getting too late for this right now.
-- “Don't eat anything you've ever seen advertised on TV” - Michael Pollan, author of "In Defense of Food"
-- 389 users mailing list 389-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
http://directory.fedoraproject.org/wiki/Howto:WalkthroughMultimasterSSL
Thanks, that is what I will do tomorrow
On 12/03/2009 02:41 PM, Alan McKay wrote:
Well, I blew something.
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/images/replagmt1.png
When I got to this point I did not see at the bottom the subtree "dc=example,dc=com" I saw "NetscapeRoot"
Which means when I asked the other question about whether to choose "NetscapeRoot" or "userRoot", the answer must have been "neither". But those were the only two choices I had.
You need to choose userRoot. The default database name is userRoot, which maps to whatever suffix you defined at install time. The NetscapeRoot backend is used by the Administration Server for things like letting the Console application know what servers it has to manage and what it can do.
My replication failed with error 6. No such replica.
I'll go back and retrace my steps tomorrow - getting too late for this right now.
On Thu, Dec 3, 2009 at 6:14 PM, Nathan Kinder nkinder@redhat.com wrote:
You need to choose userRoot. The default database name is userRoot, which maps to whatever suffix you defined at install time. The NetscapeRoot backend is used by the Administration Server for things like letting the Console application know what servers it has to manage and what it can do.
Story of my life - 50/50 chance and I blew it!
:-)
Dang - I went back and did it with userRoot and got the same Error 6. So I'll go off now and look at that doc on the fedora wiki that was mentioned above. Not sure where I went wrong ...
Well that was short lived hope. :-( Though the -6 in the error here seems suspiciously like the 6 error by the other means.
http://directory.fedoraproject.org/wiki/Howto:WalkthroughMultimasterSSL
Says to do this :
#> cd /opt/fedora-ds/shared/bin
#> ./ldapmodify -D "cn=Directory Manager" -w YOURPASSWORD
dn: cn=replication manager,cn=config
changetype: add
objectclass: top
objectclass: person
cn: Replication Manager
sn: Manager
userPassword: PASSWORD
So when I try, I get this (on both servers) :
[root@sandbox1 ~]# ldapmodify -D "cn=Directory Manager" -w MY_REAL_PASSWORD
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
So - failed with error 3 this time but I'm not losing hope. By that point I think both servers were a little bastardized from trying this method and that.
I'm just going to blow them both away and start from scratch. Doing the initial install is pretty easy now that I have it documented. Will also allow me to work on a kickstart image for it :-)
I leave work early today so probably will only get a chance to do the OS install today. Replication experiments to continue next week :-)
I'll keep y'all posted how it goes ...
Alan McKay wrote:
So - failed with error 3 this time but I'm not losing hope. By that point I think both servers were a little bastardized from trying this method and that.
When you say "failed with error 3" you should be more specific - what failed? What is the context? Is there any additional information in the error message?
I'm just going to blow them both away and start from scratch. Doing the initial install is pretty easy now that I have it documented. Will also allow me to work on a kickstart image for it :-)
I leave work early today so probably will only get a chance to do the OS install today. Replication experiments to continue next week :-)
I'll keep y'all posted how it goes ...
When you say "failed with error 3" you should be more specific - what failed? What is the context? Is there any additional information in the error message?
Yeah, sorry, I wasn't more specific because I wasn't really asking for help - just giving an update :-) As mentioned, I'm going to blow it away and go at it again but this time using 100% of the fedora wiki doc (but without SSL).
It was when I finished making the replication agreements on both ends - as the doc suggested, choose "do not replicate now" and then after that is done, I went to my 1st server and right-clicked on the replication agreement and told it to "initialize consumer"
But since I've typed all this now, I might as well give you the whole thing :-)
http://picasaweb.google.ca/alan.mckay/Work#5411412134006249250
cheers, -Alan
Alan McKay wrote:
When you say "failed with error 3" you should be more specific - what failed? What is the context? Is there any additional information in the error message?
Yeah, sorry, I wasn't more specific because I wasn't really asking for help - just giving an update :-)
Sure. Folks doing a web search for information about similar problems will hit this archived email and will wonder if it is the same problem they are seeing.
As mentioned, I'm going to blow it away and go at it again but this time using 100% of the fedora wiki doc (but without SSL).
It was when I finished making the replication agreements on both ends - as the doc suggested, choose "do not replicate now" and then after that is done, I went to my 1st server and right-clicked on the replication agreement and told it to "initialize consumer"
But since I've typed all this now, I might as well give you the whole thing :-)
http://picasaweb.google.ca/alan.mckay/Work#5411412134006249250
That usually means you haven't specified the supplier DN in the consumer replica, or you have specified a different supplier DN on the supplier side than the supplier DN you specified on the consumer side.
cheers, -Alan
That usually means you haven't specified the supplier DN in the consumer replica, or you have specified a different supplier DN on the supplier side than the supplier DN you specified on the consumer side.
You mean the "replication manager" that I set up like this :
#> cd /opt/fedora-ds/shared/bin
#> ./ldapmodify -D "cn=Directory Manager" -w YOURPASSWORD
dn: cn=replication manager,cn=config
changetype: add
objectclass: top
objectclass: person
cn: Replication Manager
sn: Manager
userPassword: PASSWORD
Alan McKay wrote:
That usually means you haven't specified the supplier DN in the consumer replica, or you have specified a different supplier DN on the supplier side than the supplier DN you specified on the consumer side.
You mean the "replication manager" that I set up like this :
#> cd /opt/fedora-ds/shared/bin
#> ./ldapmodify -D "cn=Directory Manager" -w YOURPASSWORD
dn: cn=replication manager,cn=config
changetype: add
objectclass: top
objectclass: person
cn: Replication Manager
sn: Manager
userPassword: PASSWORD
Right. You have to add this DN to the list of supplier DNs in the replica entry on the consumer - this says which DNs are allowed to be a supplier for this replica. You also have to specify this DN in your supplier replication agreement.
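The consistency requirement described in the reply above (the DN the supplier's agreement binds as must be one of the supplier DNs listed in the consumer's replica entry) can be checked offline against exported config entries. This is an added example, not code from the thread or from the 389 project. It assumes both entries carry the DN in the `nsDS5ReplicaBindDN` attribute, the two LDIF excerpts are constructed with a placeholder suffix, and the function names are hypothetical. DN normalization is simplified and does not handle escaped commas.

```python
import re

# Constructed config excerpts; dc=example,dc=com is a placeholder suffix.
CONSUMER_REPLICA = """\
dn: cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsDS5Replica
nsDS5ReplicaRoot: dc=example,dc=com
nsDS5ReplicaBindDN: cn=Replication Manager, cn=config
"""
SUPPLIER_AGREEMENT = """\
dn: cn=to-consumer,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaRoot: dc=example,dc=com
nsDS5ReplicaBindDN: cn=replication manager,cn=config
"""

def values(ldif, attr):
    """All values of attr in an LDIF excerpt (attribute names are case-insensitive)."""
    pat = re.compile(r"^%s:[ \t]*(.*?)[ \t]*$" % re.escape(attr), re.I | re.M)
    return pat.findall(ldif)

def norm_dn(dn):
    """Simplified comparison key: lower-case, no spaces around ',' and '='."""
    rdns = [part.strip() for part in dn.split(",")]
    return ",".join(
        "=".join(s.strip() for s in rdn.split("=", 1)).lower() for rdn in rdns
    )

def check_bind_dn(consumer_replica, supplier_agreement):
    """Return a list of problems; an empty list means the DNs line up."""
    allowed = {norm_dn(v) for v in values(consumer_replica, "nsDS5ReplicaBindDN")}
    used = [norm_dn(v) for v in values(supplier_agreement, "nsDS5ReplicaBindDN")]
    problems = []
    if not allowed:
        problems.append("consumer replica lists no supplier DN")
    if not used:
        problems.append("agreement has no bind DN")
    for dn in used:
        if allowed and dn not in allowed:
            problems.append(f"agreement binds as {dn}, not listed on the consumer")
    return problems
```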
Right. You have to add this DN to the list of supplier DNs in the replica entry on the consumer - this says which DNs are allowed to be a supplier for this replica. You also have to specify this DN in your supplier replication agreement.
I did that according to the fedora wiki doc http://directory.fedoraproject.org/wiki/Howto:WalkthroughMultimasterSSL Though as noted I'm not using SSL.
Anyway, too late to go back and check since I'm reinstalling in both VMs now :-)
Anyway, too late to go back and check since I'm reinstalling in both VMs now :-)
Bingo - it worked as advertised! This doc did the trick for me with a fresh install
http://directory.fedoraproject.org/wiki/Howto:WalkthroughMultimasterSSL
I'm off for the week now - will pull the doc together next week.
Thanks all!
389-users@lists.fedoraproject.org