[Fedora-directory-users] Questions about setting up replicationby modifying ldap directly.

Rich Megginson rmeggins at redhat.com
Wed Dec 12 16:02:30 UTC 2007 

Chris G. Sellers wrote:
> Sorry for jumping in here (just joined the list) but it sounds like 
> your replication user is being blocked by an ACI that you have 
> applied.  These could be explicit or inherited from a parent OU in the 
> tree.
And you should definitely be able to see something in the access log for 
host=infinity.xxx.ec.gc.ca.  Keep in mind that the access log is 
buffered so events will not show up for a few minutes if there is no 
other activity.
>
> Make sure your Replication User is not part of a ACI or make it part 
> of a new ACI that allows objectclass=* full permissions.
>
> Sellers
>
> On Dec 12, 2007, at 10:12 AM, Ryan Braun wrote:
>
>> On Tuesday 11 December 2007 11:42 pm, Rich Megginson wrote:
>> > startconsole -D -f console.log -
>>
>>
>> Below is the last 40 lines after the error.  It looks like these 3 
>> lines tell the story though
>>
>> ReplicationAgreement.updateAgreementFromServer: unable to read the 
>> replica number of changes from {host=infinity.xxx.ec.gc.ca} 
>> {port=389} {authdn=cn=Directory Manager}
>> ReplicationAgreement.updateAgreementFromServer: unable to read the 
>> replica refresh attribute {host=infinity.xxx.ec.gc.ca} {port=389} 
>> {authdn=cn=Directory Manager}
>> ReplicationAgreement.updateAgreementFromServer: unable to read the 
>> consumer initialization status attribute (nsds5replicalastinitstatus) 
>> {host=infinity.xxx.ec.gc.ca} {port=389} {authdn=cn=Directory Manager}
>>
>>
>>
>>
>> AgreementReader: start readAgreements()
>> AgreementReader: getFromServer()
>>      Agreement Base DN: cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping 
>> tree,cn=config
>>      Filter:            
>> |(objectclass=nsDS5ReplicationAgreement)(objectclass=LDAPReplica)(objectclass=nsDSWindowsReplicationAgreement)
>> ReplicationAgreement.setOrigEntryDN: cn=Replication to 
>> xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping 
>> tree,cn=config
>> ReplicationAgreement.setEntryDN: cn=Replication to 
>> xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping 
>> tree,cn=config
>> ReplicationAgreement.setOrigEntryDN: cn=Replication to 
>> xxxsrvr4.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping 
>> tree,cn=config
>> ReplicationAgreement.setEntryDN: cn=Replication to 
>> xxxsrvr4.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping 
>> tree,cn=config
>> AgreementReader: end readAgreements()
>> ReplicaResourceObject.treeExpanded: this
>> ReplicationTool.verifyDM: authDN = <cn=Directory Manager>, 
>> authPassword = <xxxxxxxx>
>> getMachineDataDN: returning cn=replication,cn=config
>> AgreementReader: start readAgreements()
>> AgreementReader: getFromServer()
>>      Agreement Base DN: cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping 
>> tree,cn=config
>>      Filter:            
>> |(objectclass=nsDS5ReplicationAgreement)(objectclass=LDAPReplica)(objectclass=nsDSWindowsReplicationAgreement)
>> ReplicationAgreement.setOrigEntryDN: cn=Replication to 
>> xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping 
>> tree,cn=config
>> ReplicationAgreement.setEntryDN: cn=Replication to 
>> xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping 
>> tree,cn=config
>> ReplicationAgreement.setOrigEntryDN: cn=Replication to 
>> xxxsrvr4.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping 
>> tree,cn=config
>> ReplicationAgreement.setEntryDN: cn=Replication to 
>> xxxsrvr4.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping 
>> tree,cn=config
>> AgreementReader: end readAgreements()
>> Add MMR Node
>> Class is com.netscape.admin.dirserv.panel.replication.MMRAgreement
>> Add MMR Node
>> Class is com.netscape.admin.dirserv.panel.replication.MMRAgreement
>> ResourceSet:getString():Unable to resolve general-Apply-ttip
>> ResourceSet:getString():Unable to resolve general-Reset-ttip
>> ResourceSet:getString():Unable to resolve general-Help-ttip
>> ReplicationAgreement.updateAgreementFromServer: unable to read the 
>> replica number of changes from {host=infinity.xxx.ec.gc.ca} 
>> {port=389} {authdn=cn=Directory Manager}
>> ReplicationAgreement.updateAgreementFromServer: unable to read the 
>> replica refresh attribute {host=infinity.xxx.ec.gc.ca} {port=389} 
>> {authdn=cn=Directory Manager}
>> ReplicationAgreement.updateAgreementFromServer: unable to read the 
>> consumer initialization status attribute (nsds5replicalastinitstatus) 
>> {host=infinity.xxx.ec.gc.ca} {port=389} {authdn=cn=Directory Manager}
>> BlankPanel.refresh:refreshed panel data. Class 
>> com.netscape.admin.dirserv.panel.replication.AgreementInfoPanel
>> DSEntrySet.getAttributes(): read entry from DS:LDAPEntry: 
>> cn=Replication to 
>> xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping 
>> tree,cn=config; LDAPAttributeSet:
>> DSEntrySet.getAttributes(): attributes for this 
>> entry:[Ljava.lang.String;@1a28362
>> DSEntrySet.getAttributes(): failed to get attribute description in 
>> cn=Replication to 
>> xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping 
>> tree,cn=config
>> DSEntrySet.show(): some of the attributes of cn=Replication to 
>> xxxldap1.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping 
>> tree,cn=config could not be read.  Either they are not present in the 
>> entry or there is an ACI which prevents that attribute from being 
>> read. Try authenticating as a user with more access
>> DSUtil.reauthenticate: begin: ldc={host=infinity.xxx.ec.gc.ca} 
>> {port=389} {authdn=cn=Directory Manager}
>> ReplicationAgreement.updateAgreementFromServer: unable to read the 
>> replica number of changes from {host=infinity.xxx.ec.gc.ca} 
>> {port=389} {authdn=cn=Directory Manager}
>> ReplicationAgreement.updateAgreementFromServer: unable to read the 
>> replica refresh attribute {host=infinity.xxx.ec.gc.ca} {port=389} 
>> {authdn=cn=Directory Manager}
>> ReplicationAgreement.updateAgreementFromServer: unable to read the 
>> consumer initialization status attribute (nsds5replicalastinitstatus) 
>> {host=infinity.xxx.ec.gc.ca} {port=389} {authdn=cn=Directory Manager}
>> DSTabbedPanel.select: 
>> com.netscape.admin.dirserv.panel.replication.AgreementPanel[,0,0,605x468,layout=java.awt.BorderLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=9,maximumSize=,minimumSize=java.awt.Dimension[width=1,height=1],preferredSize=]
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com 
>> <mailto:Fedora-directory-users at redhat.com>
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>
>
> ---
> Chris G. Sellers Lead Internet Engineer
> National Institute for Technology & Liberal Ed.
> 535 West William Street, Ann Arbor, MI 48103
> chris.sellers at nitle.org <mailto:chris.sellers at nitle.org>  734.661.2318
>
>
>
>
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20071212/22ca8225/attachment.bin>

More information about the 389-users mailing list