[Fedora-directory-users] Questions about setting up replicationby modifying ldap directly.

Chris G. Sellers chris.sellers at nitle.org
Wed Dec 12 15:25:44 UTC 2007 

Sorry for jumping in here (just joined the list) but it sounds like  
your replication user is being blocked by an ACI that you have  
applied.  These could be explicit or inherited from a parent OU in the  
tree.

Make sure your Replication User is not part of a ACI or make it part  
of a new ACI that allows objectclass=* full permissions.

Sellers

On Dec 12, 2007, at 10:12 AM, Ryan Braun wrote:

> On Tuesday 11 December 2007 11:42 pm, Rich Megginson wrote:
> > startconsole -D -f console.log -
>
>
> Below is the last 40 lines after the error.  It looks like these 3  
> lines tell the story though
>
> ReplicationAgreement.updateAgreementFromServer: unable to read the  
> replica number of changes from {host=infinity.xxx.ec.gc.ca}  
> {port=389} {authdn=cn=Directory Manager}
> ReplicationAgreement.updateAgreementFromServer: unable to read the  
> replica refresh attribute {host=infinity.xxx.ec.gc.ca} {port=389}  
> {authdn=cn=Directory Manager}
> ReplicationAgreement.updateAgreementFromServer: unable to read the  
> consumer initialization status attribute  
> (nsds5replicalastinitstatus) {host=infinity.xxx.ec.gc.ca} {port=389}  
> {authdn=cn=Directory Manager}
>
>
>
>
> AgreementReader: start readAgreements()
> AgreementReader: getFromServer()
>      Agreement Base DN: cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping  
> tree,cn=config
>      Filter:            |(objectclass=nsDS5ReplicationAgreement) 
> (objectclass=LDAPReplica)(objectclass=nsDSWindowsReplicationAgreement)
> ReplicationAgreement.setOrigEntryDN: cn=Replication to  
> xxxldap1 
> .xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping  
> tree,cn=config
> ReplicationAgreement.setEntryDN: cn=Replication to  
> xxxldap1 
> .xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping  
> tree,cn=config
> ReplicationAgreement.setOrigEntryDN: cn=Replication to  
> xxxsrvr4 
> .xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping  
> tree,cn=config
> ReplicationAgreement.setEntryDN: cn=Replication to  
> xxxsrvr4 
> .xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping  
> tree,cn=config
> AgreementReader: end readAgreements()
> ReplicaResourceObject.treeExpanded: this
> ReplicationTool.verifyDM: authDN = <cn=Directory Manager>,  
> authPassword = <xxxxxxxx>
> getMachineDataDN: returning cn=replication,cn=config
> AgreementReader: start readAgreements()
> AgreementReader: getFromServer()
>      Agreement Base DN: cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping  
> tree,cn=config
>      Filter:            |(objectclass=nsDS5ReplicationAgreement) 
> (objectclass=LDAPReplica)(objectclass=nsDSWindowsReplicationAgreement)
> ReplicationAgreement.setOrigEntryDN: cn=Replication to  
> xxxldap1 
> .xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping  
> tree,cn=config
> ReplicationAgreement.setEntryDN: cn=Replication to  
> xxxldap1 
> .xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping  
> tree,cn=config
> ReplicationAgreement.setOrigEntryDN: cn=Replication to  
> xxxsrvr4 
> .xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping  
> tree,cn=config
> ReplicationAgreement.setEntryDN: cn=Replication to  
> xxxsrvr4 
> .xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping  
> tree,cn=config
> AgreementReader: end readAgreements()
> Add MMR Node
> Class is com.netscape.admin.dirserv.panel.replication.MMRAgreement
> Add MMR Node
> Class is com.netscape.admin.dirserv.panel.replication.MMRAgreement
> ResourceSet:getString():Unable to resolve general-Apply-ttip
> ResourceSet:getString():Unable to resolve general-Reset-ttip
> ResourceSet:getString():Unable to resolve general-Help-ttip
> ReplicationAgreement.updateAgreementFromServer: unable to read the  
> replica number of changes from {host=infinity.xxx.ec.gc.ca}  
> {port=389} {authdn=cn=Directory Manager}
> ReplicationAgreement.updateAgreementFromServer: unable to read the  
> replica refresh attribute {host=infinity.xxx.ec.gc.ca} {port=389}  
> {authdn=cn=Directory Manager}
> ReplicationAgreement.updateAgreementFromServer: unable to read the  
> consumer initialization status attribute  
> (nsds5replicalastinitstatus) {host=infinity.xxx.ec.gc.ca} {port=389}  
> {authdn=cn=Directory Manager}
> BlankPanel.refresh:refreshed panel data. Class  
> com.netscape.admin.dirserv.panel.replication.AgreementInfoPanel
> DSEntrySet.getAttributes(): read entry from DS:LDAPEntry:  
> cn=Replication to  
> xxxldap1 
> .xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping  
> tree,cn=config; LDAPAttributeSet:
> DSEntrySet.getAttributes(): attributes for this entry: 
> [Ljava.lang.String;@1a28362
> DSEntrySet.getAttributes(): failed to get attribute description in  
> cn=Replication to  
> xxxldap1 
> .xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping  
> tree,cn=config
> DSEntrySet.show(): some of the attributes of cn=Replication to  
> xxxldap1 
> .xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping  
> tree,cn=config could not be read.  Either they are not present in  
> the entry or there is an ACI which prevents that attribute from  
> being read. Try authenticating as a user with more access
> DSUtil.reauthenticate: begin: ldc={host=infinity.xxx.ec.gc.ca}  
> {port=389} {authdn=cn=Directory Manager}
> ReplicationAgreement.updateAgreementFromServer: unable to read the  
> replica number of changes from {host=infinity.xxx.ec.gc.ca}  
> {port=389} {authdn=cn=Directory Manager}
> ReplicationAgreement.updateAgreementFromServer: unable to read the  
> replica refresh attribute {host=infinity.xxx.ec.gc.ca} {port=389}  
> {authdn=cn=Directory Manager}
> ReplicationAgreement.updateAgreementFromServer: unable to read the  
> consumer initialization status attribute  
> (nsds5replicalastinitstatus) {host=infinity.xxx.ec.gc.ca} {port=389}  
> {authdn=cn=Directory Manager}
> DSTabbedPanel.select:  
> com.netscape.admin.dirserv.panel.replication.AgreementPanel[, 
> 0,0,605x468 
> ,layout 
> = 
> java 
> .awt 
> .BorderLayout 
> ,alignmentX 
> = 
> 0.0 
> ,alignmentY 
> = 
> 0.0 
> ,border 
> = 
> ,flags 
> = 
> 9 
> ,maximumSize 
> =,minimumSize=java.awt.Dimension[width=1,height=1],preferredSize=]
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>


---
Chris G. Sellers		Lead Internet Engineer
National Institute for Technology & Liberal Ed.
535 West William Street, Ann Arbor, MI 48103
chris.sellers at nitle.org		 734.661.2318





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20071212/1bd14ab3/attachment.html>

More information about the 389-users mailing list