For the previous issue, I was at a loss and took a risky action by executing the command "ipa-replica-manage re-initialize --from xx". However, there are issues with permission authentication between the freeipa4.8 versions. Since freeipa4.8 is currently mainly designed for client-side authentication with the kdc, it is very important and cannot perform the ipa-replica-manage re-initialize operation. What should I do to fix this permission issue? They were previously able to authenticate each other. However, I'm not sure if this was affected by the changes made there.
root@fs-hiido-kerberos-server03:/home/liangrui06# ldapsearch -LLL -x -H ldap://localhost:389 -D "cn=Directory Manager" -w $pass -b "cn=replica,cn=dc\3Dxx\2Cdc\3Dcom,cn=mapping tree,cn=config" "(objectClass=nsds5ReplicationAgreement)" cn nsDS5ReplicaHost nsds5replicaLastUpdateStatus
dn: cn=fs-hiido-kerberos-server03.hiido.host.xx.com-to-fs-hiido-kerberos -server04.hiido.host.xx.com,cn=replica,cn=dc\3Dxx\2Cdc\3Dcom,cn=m apping tree,cn=config cn: fs-hiido-kerberos-server03.hiido.host.xx.com-to-fs-hiido-kerberos-se rver04.hiido.host.xx.com nsDS5ReplicaHost: fs-hiido-kerberos-server04.hiido.host.xx.com nsds5replicaLastUpdateStatus: Error (1) Can't acquire busy replica (Unable to acquire replica: the replica is currently being updated by another supplier.)
dn: cn=meTofs-hiido-kerveros-test08.hiido.host.xx.com,cn=replica,cn=dc\3 Dxx\2Cdc\3Dcom,cn=mapping tree,cn=config cn: meTofs-hiido-kerveros-test08.hiido.host.xx.com nsDS5ReplicaHost: fs-hiido-kerveros-test08.hiido.host.xx.com nsds5replicaLastUpdateStatus: Error (3) Replication error acquiring replica: U nable to acquire replica: permission denied. The bind dn does not have permis sion to supply replication updates to the replica. Will retry later. (permiss ion denied)
root@fs-hiido-kerveros-test08:~# ldapsearch -LLL -x -H ldap://localhost:389 -D "cn=Directory Manager" -w $pass -b "cn=replica,cn=dc\3Dxx\2Cdc\3Dcom,cn=mapping tree,cn=config" "(objectClass=nsds5ReplicationAgreement)" cn nsDS5ReplicaHost nsds5replicaLastUpdateStatus dn: cn=fs-hiido-kerveros-test08.hiido.host.xx.com-to-fs-hiido-ipa-65-155 .hiido.host.xx.com,cn=replica,cn=dc\3Dxx\2Cdc\3Dcom,cn=mapping tr ee,cn=config cn: fs-hiido-kerveros-test08.hiido.host.xx.com-to-fs-hiido-ipa-65-155.hi ido.host.xx.com nsDS5ReplicaHost: fs-hiido-ipa-65-155.hiido.host.xx.com nsds5replicaLastUpdateStatus: Error (0) Replica acquired successfully: Increme ntal update succeeded
dn: cn=fs-hiido-kerveros-test08.hiido.host.xx.com-to-fs-hiido-kerberos-2 1-117-149.hiido.host.xx.com,cn=replica,cn=dc\3Dxx\2Cdc\3Dcom,cn=m apping tree,cn=config cn: fs-hiido-kerveros-test08.hiido.host.xx.com-to-fs-hiido-kerberos-21-1 17-149.hiido.host.xx.com nsDS5ReplicaHost: fs-hiido-kerberos-21-117-149.hiido.host.xx.com nsds5replicaLastUpdateStatus: Error (0) Replica acquired successfully: Increme ntal update succeeded
dn: cn=meTofs-hiido-kerberos-server02.hiido.host.xx.com,cn=replica,cn=dc \3Dxx\2Cdc\3Dcom,cn=mapping tree,cn=config cn: meTofs-hiido-kerberos-server02.hiido.host.xx.com nsDS5ReplicaHost: fs-hiido-kerberos-server02.hiido.host.xx.com nsds5replicaLastUpdateStatus: Error (-2) Problem connecting to replica - LDAP error: Local error (connection error)
dn: cn=meTofs-hiido-kerberos-server03.hiido.host.xx.com,cn=replica,cn=dc \3Dxx\2Cdc\3Dcom,cn=mapping tree,cn=config cn: meTofs-hiido-kerberos-server03.hiido.host.xx.com nsDS5ReplicaHost: fs-hiido-kerberos-server03.hiido.host.xx.com nsds5replicaLastUpdateStatus: Error (49) Problem connecting to replica - LDAP error: Invalid credentials (connection error)
fs-hiido-kerberos-server03 ->meTofs-hiido-kerveros-test08.hiido.host.xx.com What kind of permission is lacking between them?
root@fs-hiido-kerveros-test08:/var/log/dirsrv/slapd-YYDEVOPS-COM# tailf errors [29/Jan/2026:15:04:49.513109345 +0800] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=7195 op=90315 replica="dc=xx,dc=com": Unable to acquire replica: error: permission denied [29/Jan/2026:15:04:52.509637825 +0800] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=7195 op=90317 replica="dc=xx,dc=com": Unable to acquire replica: error: permission denied [29/Jan/2026:15:04:55.827408548 +0800] - ERR - NSMMReplicationPlugin - multimaster_extop_StartNSDS50ReplicationRequest - conn=7195 op=90318 replica="dc=xx,dc=com": Unable to acquire replica: error: permission denied
all info Just focus on dn: cn=meTofs-hiido-kerveros-test08.hiido.host.xx.com,cn=replica,cn=dc Dxx\2Cdc\3Dcom,cn=mapping tree,cn=config
root@fs-hiido-kerberos-server03:/home/liangrui06# ldapsearch -LLL -x -H ldap://localhost:389 -D "cn=Directory Manager" -w xxx -b "cn=replica,cn=dc\3Dxx\2Cdc\3Dcom,cn=mapping tree,cn=config" "(objectClass=nsds5ReplicationAgreement)" dn: cn=fs-hiido-kerberos-server03.hiido.host.xx.com-to-fs-hiido-kerberos -ca-02.hiido.host.xx.com,cn=replica,cn=dc\3Dxx\2Cdc\3Dcom,cn=mapp ing tree,cn=config objectClass: nsds5replicationagreement objectClass: ipaReplTopoManagedAgreement objectClass: top cn: fs-hiido-kerberos-server03.hiido.host.xx.com-to-fs-hiido-kerberos-ca -02.hiido.host.xx.com nsDS5ReplicaHost: fs-hiido-kerberos-ca-02.hiido.host.xx.com nsDS5ReplicaPort: 389 nsds5replicaTimeout: 300 nsDS5ReplicaRoot: dc=xx,dc=com description: fs-hiido-kerberos-server03.hiido.host.xx.com to fs-hiido-ke rberos-ca-02.hiido.host.xx.com ipaReplTopoManagedAgreementState: managed agreement - generated by topology pl ugin nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 19700101000000Z nsds5replicaLastUpdateEnd: 19700101000000Z nsds5replicaChangesSentSinceStartup: nsds5replicaLastUpdateStatus: Error (3) Replication error acquiring replica: U nable to acquire replica: permission denied. The bind dn does not have permis sion to supply replication updates to the replica. Will retry later. (permiss ion denied) nsds5replicaLastUpdateStatusJSON: {"state": "red", "ldap_rc": "0", "ldap_rc_te xt": "Success", "repl_rc": "3", "repl_rc_text": "permission denied", "date": "2026-01-29T10:21:53Z", "message": "Error (3) Replication error acquiring rep lica: Unable to acquire replica: permission denied. The bind dn does not have permission to supply replication updates to the replica. Will retry later. ( permission denied)"} nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z
dn: cn=fs-hiido-kerberos-server03.hiido.host.xx.com-to-fs-hiido-kerberos -server02.hiido.host.xx.com,cn=replica,cn=dc\3Dxx\2Cdc\3Dcom,cn=m apping tree,cn=config objectClass: nsds5replicationagreement objectClass: ipaReplTopoManagedAgreement objectClass: top cn: fs-hiido-kerberos-server03.hiido.host.xx.com-to-fs-hiido-kerberos-se rver02.hiido.host.xx.com nsDS5ReplicaHost: fs-hiido-kerberos-server02.hiido.host.xx.com nsDS5ReplicaPort: 389 nsds5replicaTimeout: 300 nsDS5ReplicaRoot: dc=xx,dc=com description: fs-hiido-kerberos-server03.hiido.host.xx.com to fs-hiido-ke rberos-server02.hiido.host.xx.com ipaReplTopoManagedAgreementState: managed agreement - generated by topology pl ugin nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds50ruv: {replicageneration} 5d778f4c000000040000 nsds50ruv: {replica 46 ldap://fs-hiido-kerberos-server02.hiido.host.xx.c om:389} 5ecf76ac0000002e0000 697b1db40018002e0000 nsds50ruv: {replica 44 ldap://fs-hiido-kerveros-test08.hiido.host.xx.com :389} 5ecf60220000002c0000 69772409b98d002c0000 nsds50ruv: {replica 4 ldap://fs-hiido-kerberos-21-117-149.hiido.host.xx. com:389} 5d778f4c000100040000 69731625000800040000 nsds50ruv: {replica 7} 5e732d1c000200070000 5e732d1c000200070000 nsds50ruv: {replica 22 ldap://fs-hiido-kerberos-server01.hiido.host.xx.c om:389} 5ec7b6b1000000160000 5ec7b718000800160000 nsds50ruv: {replica 48 ldap://fs-hiido-kerberos-server03.hiido.host.xx.c om:389} 5ecf811a000000300000 697b1d8c001e00300000 nsds50ruv: {replica 43 ldap://fs-hiido-hadoop-assit-21-33-33.hiido.host.yydevo ps.com:389} 5ecf67650002002b0000 5ed0c1e50004002b0000 nsds50ruv: {replica 42} 5ecf67710005002a0000 5ed0c0d10003002a0000 nsds50ruv: {replica 38 ldap://fs-hiido-kerveros-test06.hiido.host.xx.com :389} 5ecf6e77001100260000 5ed4d8ff002500260000 nsds50ruv: {replica 39 ldap://fs-hiido-kerveros-test07.hiido.host.xx.com :389} 5ecf6e77001600270000 5ed4d70b000200270000 nsds50ruv: {replica 45} 5ecf755e0000002d0000 5ecf75850000002d0000 nsds50ruv: {replica 54 ldap://fs-hiido-kerberos-server04.hiido.host.xx.c om:389} 5ed711b4000000360000 697b142ca56200360000 nsds50ruv: {replica 60 ldap://fs-hiido-ipa-65-155.hiido.host.xx.com:389} 63108d650000003c0000 69731aae0000003c0000 nsds50ruv: {replica 62 ldap://ipa-65-189.hiido.host.xx.com:389} 631096ad 0001003e0000 69731b0a0004003e0000 nsds50ruv: {replica 63 ldap://fs-hiido-kerberos-ca-02.hiido.host.xx.com: 389} 631565ee0000003f0000 697313c30006003f0000 nsruvReplicaLastModified: {replica 46 ldap://fs-hiido-kerberos-server02.hiido. host.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 44 ldap://fs-hiido-kerveros-test08.hiido.ho st.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 4 ldap://fs-hiido-kerberos-21-117-149.hiido .host.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 7} 00000000 nsruvReplicaLastModified: {replica 22 ldap://fs-hiido-kerberos-server01.hiido. host.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 48 ldap://fs-hiido-kerberos-server03.hiido. host.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 43 ldap://fs-hiido-hadoop-assit-21-33-33.hi ido.host.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 42} 00000000 nsruvReplicaLastModified: {replica 38 ldap://fs-hiido-kerveros-test06.hiido.ho st.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 39 ldap://fs-hiido-kerveros-test07.hiido.ho st.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 45} 00000000 nsruvReplicaLastModified: {replica 54 ldap://fs-hiido-kerberos-server04.hiido. host.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 60 ldap://fs-hiido-ipa-65-155.hiido.host.yy devops.com:389} 00000000 nsruvReplicaLastModified: {replica 62 ldap://ipa-65-189.hiido.host.xx.co m:389} 00000000 nsruvReplicaLastModified: {replica 63 ldap://fs-hiido-kerberos-ca-02.hiido.hos t.xx.com:389} 00000000 nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20260129102152Z nsds5replicaLastUpdateEnd: 20260129102152Z nsds5replicaChangesSentSinceStartup:: NDg6MjIvMTEyNDc2IA== nsds5replicaLastUpdateStatus: Error (0) Replica acquired successfully: Increme ntal update succeeded nsds5replicaLastUpdateStatusJSON: {"state": "green", "ldap_rc": "0", "ldap_rc_ text": "Success", "repl_rc": "0", "repl_rc_text": "replica acquired", "date": "2026-01-29T10:21:52Z", "message": "Error (0) Replica acquired successfully: Incremental update succeeded"} nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z
dn: cn=fs-hiido-kerberos-server03.hiido.host.xx.com-to-fs-hiido-kerberos -server04.hiido.host.xx.com,cn=replica,cn=dc\3Dxx\2Cdc\3Dcom,cn=m apping tree,cn=config objectClass: nsds5replicationagreement objectClass: ipaReplTopoManagedAgreement objectClass: top cn: fs-hiido-kerberos-server03.hiido.host.xx.com-to-fs-hiido-kerberos-se rver04.hiido.host.xx.com nsDS5ReplicaHost: fs-hiido-kerberos-server04.hiido.host.xx.com nsDS5ReplicaPort: 389 nsds5replicaTimeout: 300 nsDS5ReplicaRoot: dc=xx,dc=com description: fs-hiido-kerberos-server03.hiido.host.xx.com to fs-hiido-ke rberos-server04.hiido.host.xx.com ipaReplTopoManagedAgreementState: managed agreement - generated by topology pl ugin nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds50ruv: {replicageneration} 5d778f4c000000040000 nsds50ruv: {replica 54 ldap://fs-hiido-kerberos-server04.hiido.host.xx.c om:389} 5ed711b4000000360000 697b1da6fbc400360000 nsds50ruv: {replica 46 ldap://fs-hiido-kerberos-server02.hiido.host.xx.c om:389} 5ecf76ac0000002e0000 697b1dab0032002e0000 nsds50ruv: {replica 44 ldap://fs-hiido-kerveros-test08.hiido.host.xx.com :389} 5ecf60220000002c0000 69772409b98d002c0000 nsds50ruv: {replica 4 ldap://fs-hiido-kerberos-21-117-149.hiido.host.xx. com:389} 5d778f4c000100040000 69731625000800040000 nsds50ruv: {replica 7} 5e732d1c000200070000 5e732d1c000200070000 nsds50ruv: {replica 22 ldap://fs-hiido-kerberos-server01.hiido.host.xx.c om:389} 5ec7b6b1000000160000 5ec7b718000800160000 nsds50ruv: {replica 48 ldap://fs-hiido-kerberos-server03.hiido.host.xx.c om:389} 5ecf811a000000300000 697b1d8c001e00300000 nsds50ruv: {replica 43 ldap://fs-hiido-hadoop-assit-21-33-33.hiido.host.yydevo ps.com:389} 5ecf67650002002b0000 5ed0c1e50004002b0000 nsds50ruv: {replica 42} 5ecf67710005002a0000 5ed0c0d10003002a0000 nsds50ruv: {replica 38 ldap://fs-hiido-kerveros-test06.hiido.host.xx.com :389} 5ecf6e77001100260000 5ed4d8ff002500260000 nsds50ruv: {replica 39 ldap://fs-hiido-kerveros-test07.hiido.host.xx.com :389} 5ecf6e77001600270000 5ed4d70b000200270000 nsds50ruv: {replica 45} 5ecf755e0000002d0000 5ecf75850000002d0000 nsds50ruv: {replica 60 ldap://fs-hiido-ipa-65-155.hiido.host.xx.com:389} 63108d650000003c0000 69731aae0000003c0000 nsds50ruv: {replica 62 ldap://ipa-65-189.hiido.host.xx.com:389} 631096ad 0001003e0000 69731b0a0004003e0000 nsds50ruv: {replica 63 ldap://fs-hiido-kerberos-ca-02.hiido.host.xx.com: 389} 631565ee0000003f0000 697313c30006003f0000 nsruvReplicaLastModified: {replica 54 ldap://fs-hiido-kerberos-server04.hiido. host.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 46 ldap://fs-hiido-kerberos-server02.hiido. host.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 44 ldap://fs-hiido-kerveros-test08.hiido.ho st.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 4 ldap://fs-hiido-kerberos-21-117-149.hiido .host.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 7} 00000000 nsruvReplicaLastModified: {replica 22 ldap://fs-hiido-kerberos-server01.hiido. host.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 48 ldap://fs-hiido-kerberos-server03.hiido. host.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 43 ldap://fs-hiido-hadoop-assit-21-33-33.hi ido.host.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 42} 00000000 nsruvReplicaLastModified: {replica 38 ldap://fs-hiido-kerveros-test06.hiido.ho st.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 39 ldap://fs-hiido-kerveros-test07.hiido.ho st.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 45} 00000000 nsruvReplicaLastModified: {replica 60 ldap://fs-hiido-ipa-65-155.hiido.host.yy devops.com:389} 00000000 nsruvReplicaLastModified: {replica 62 ldap://ipa-65-189.hiido.host.xx.co m:389} 00000000 nsruvReplicaLastModified: {replica 63 ldap://fs-hiido-kerberos-ca-02.hiido.hos t.xx.com:389} 00000000 nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20260129102152Z nsds5replicaLastUpdateEnd: 20260129102152Z nsds5replicaChangesSentSinceStartup:: NDg6MjEvODAwMDYgNDY6MjgvMCA= nsds5replicaLastUpdateStatus: Error (0) Replica acquired successfully: Increme ntal update succeeded nsds5replicaLastUpdateStatusJSON: {"state": "green", "ldap_rc": "0", "ldap_rc_ text": "Success", "repl_rc": "0", "repl_rc_text": "replica acquired", "date": "2026-01-29T10:21:52Z", "message": "Error (0) Replica acquired successfully: Incremental update succeeded"} nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z
dn: cn=meTofs-hiido-kerveros-test08.hiido.host.xx.com,cn=replica,cn=dc\3 Dxx\2Cdc\3Dcom,cn=mapping tree,cn=config cn: meTofs-hiido-kerveros-test08.hiido.host.xx.com description: me to fs-hiido-kerveros-test08.hiido.host.xx.com ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p lugin nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicaHost: fs-hiido-kerveros-test08.hiido.host.xx.com nsDS5ReplicaPort: 389 nsDS5ReplicaRoot: dc=xx,dc=com nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds50ruv: {replicageneration} 5d778f4c000000040000 nsds50ruv: {replica 44 ldap://fs-hiido-kerveros-test08.hiido.host.xx.com :389} 5ecf60220000002c0000 6977249bd33d002c0000 nsds50ruv: {replica 54 ldap://fs-hiido-kerberos-server04.hiido.host.xx.c om:389} 5ed711b4000000360000 69771921f59b00360000 nsds50ruv: {replica 46 ldap://fs-hiido-kerberos-server02.hiido.host.xx.c om:389} 5ecf76ac0000002e0000 69772499d2ff002e0000 nsds50ruv: {replica 4 ldap://fs-hiido-kerberos-21-117-149.hiido.host.xx. com:389} 5d778f4c000100040000 69731625000800040000 nsds50ruv: {replica 7} 5e732d1c000200070000 5e732d1c000200070000 nsds50ruv: {replica 22 ldap://fs-hiido-kerberos-server01.hiido.host.xx.c om:389} 5ec7b6b1000000160000 5ec7b718000800160000 nsds50ruv: {replica 48 ldap://fs-hiido-kerberos-server03.hiido.host.xx.c om:389} 5ecf811a000000300000 69772433c2e100300000 nsds50ruv: {replica 43 ldap://fs-hiido-hadoop-assit-21-33-33.hiido.host.yydevo ps.com:389} 5ecf67650002002b0000 5ed0c1e50004002b0000 nsds50ruv: {replica 42} 5ecf67710005002a0000 5ed0c0d10003002a0000 nsds50ruv: {replica 38 ldap://fs-hiido-kerveros-test06.hiido.host.xx.com :389} 5ecf6e77001100260000 5ed4d8ff002500260000 nsds50ruv: {replica 39 ldap://fs-hiido-kerveros-test07.hiido.host.xx.com :389} 5ecf6e77001600270000 5ed4d70b000200270000 nsds50ruv: {replica 45} 5ecf755e0000002d0000 5ecf75850000002d0000 nsds50ruv: {replica 60 ldap://fs-hiido-ipa-65-155.hiido.host.xx.com:389} 63108d650000003c0000 69731aae0000003c0000 nsds50ruv: {replica 62 ldap://ipa-65-189.hiido.host.xx.com:389} 631096ad 0001003e0000 69731b0a0004003e0000 nsds50ruv: {replica 63 ldap://fs-hiido-kerberos-ca-02.hiido.host.xx.com: 389} 631565ee0000003f0000 697313c30006003f0000 nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicaTimeout: 120 nsruvReplicaLastModified: {replica 44 ldap://fs-hiido-kerveros-test08.hiido.ho st.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 54 ldap://fs-hiido-kerberos-server04.hiido. host.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 46 ldap://fs-hiido-kerberos-server02.hiido. host.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 4 ldap://fs-hiido-kerberos-21-117-149.hiido .host.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 7} 00000000 nsruvReplicaLastModified: {replica 22 ldap://fs-hiido-kerberos-server01.hiido. host.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 48 ldap://fs-hiido-kerberos-server03.hiido. host.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 43 ldap://fs-hiido-hadoop-assit-21-33-33.hi ido.host.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 42} 00000000 nsruvReplicaLastModified: {replica 38 ldap://fs-hiido-kerveros-test06.hiido.ho st.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 39 ldap://fs-hiido-kerveros-test07.hiido.ho st.xx.com:389} 00000000 nsruvReplicaLastModified: {replica 45} 00000000 nsruvReplicaLastModified: {replica 60 ldap://fs-hiido-ipa-65-155.hiido.host.yy devops.com:389} 00000000 nsruvReplicaLastModified: {replica 62 ldap://ipa-65-189.hiido.host.xx.co m:389} 00000000 nsruvReplicaLastModified: {replica 63 ldap://fs-hiido-kerberos-ca-02.hiido.hos t.xx.com:389} 00000000 objectClass: nsds5replicationagreement objectClass: top objectClass: ipaReplTopoManagedAgreement nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 19700101000000Z nsds5replicaLastUpdateEnd: 19700101000000Z nsds5replicaChangesSentSinceStartup: nsds5replicaLastUpdateStatus: Error (3) Replication error acquiring replica: U nable to acquire replica: permission denied. The bind dn does not have permis sion to supply replication updates to the replica. Will retry later. (permiss ion denied) nsds5replicaLastUpdateStatusJSON: {"state": "red", "ldap_rc": "0", "ldap_rc_te xt": "Success", "repl_rc": "3", "repl_rc_text": "permission denied", "date": "2026-01-29T10:21:53Z", "message": "Error (3) Replication error acquiring rep lica: Unable to acquire replica: permission denied. The bind dn does not have permission to supply replication updates to the replica. Will retry later. ( permission denied)"} nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z
The relevant issues have been resolved. We have reinstalled all the certificates manually to replace the problematic ones. This was a really frustrating experience that required a lot of effort.
Relevant records have been made. http://localhost:4000/blog/bigdata/hadoop/kdc/kdc-cert.html#%E9%87%8D%E6%96%...
The relevant issues have been resolved. We have reinstalled all the certificates manually to replace the problematic ones. This was a really frustrating experience that required a lot of effort.
Relevant records have been made. The shared URL above is local. https://liangrui198.github.io/blog/bigdata/hadoop/kdc/kdc-cert.html#%E9%87%8...
freeipa-users@lists.fedorahosted.org
-
liang fei