On 20 Feb 2020, at 07:35, Thaddeus Brown <thadbrownsc(a)gmail.com&gt; wrote: First, i am a noob to ldap and directory server.

I have been at this for 30+ days in various scenarios to move off of directory server 8.2 to 11. In my latest iteration I am just trying to step through the major upgrades os/ds one at time to get to my end result. I am trying to replicate databases from directory server 8.2 to 9. I have followed the redhat documentation but still struggling. On the consumer, I am getting the error message, slapi_ldap_bind - error: could not bind id [cn=replication manager,cn=config] mech [SIMPLE]: error 48 (inappropriate authentication) errno 0 (Success) I have changed the password do it wouldn't be too simple. Made sure that supplier dn is cn=replication manager,cn=config as well as simple bind userid. How can I check if security and what type is on supplier?

_______________________________________________ 389-users mailing list -- 389-users(a)lists.fedoraproject.org To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...

On 21 Feb 2020, at 00:28, Thad <thadbrownsc(a)gmail.com&gt; wrote: Ok. Thanks William and Thierry. I took a look back at the entry in dse.ldif and somehow my userPassword entry didn't save. I put it back and carefully put in a new complex (not too much) password and restarted everything. It is working now so it was missing field in the dse file and a password issue.

Now I have and issue with replication. Specifically "Replication error acquiring replica. replica busy error code 1." This is in the Consumer initialization status area. in the Status field last update message is "Replica acquired successfully. Incremental update succeeded." This for both NetscapeRoot and userRoot. However I think I see the issue. When setting up the replication agreement the FQDN for the supplier is automatically given. Since both servers are named the same thing (based on the documentation) shouldn't this cause an issue? I just re-read the documentation again...like I said newbie here. It seems I put the agreement on the consumer and I should have created it on the supplier server to push the data to the consumer. The flow of instructions here wasn't crystal clear to me. So now I am configuring the agreement on the the supplier. The error message I am receiving now is "Consumer server unreachable or invalid credentials supplied. Unable to perform subtree duplication verification." And I think have figured it out, the supplier can reach out to consumer but the traffic isn't coming back. So going to add an entry to the consumer /etc/hosts file and get back with the results.

Glad to say replication is working now. It looks like all of the entries have been replicated. I will keep checking for any errors. Once I got the replication agreement on the correct side I ran into some LDAP issues but worked through them. Not sure why the userPassword field on the replication manager entry kept disappearing but had to edit dse.ldif and enter it again. Next up is decommissioning the master server and repeating the whole process a few more times until I am on a current version. So pretty sure you will be hearing from me again if I can't find any good decommission documentation of master/replica setup.

Thanks for the help.

_______________________________________________ 389-users mailing list -- 389-users(a)lists.fedoraproject.org To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...