[Fedora-directory-users] Questions about setting up replicationby modifying ldap directly.

[Ryan Braun]

On Wednesday 12 December 2007 4:02 pm, Rich Megginson wrote:
> Chris G. Sellers wrote:
> > Sorry for jumping in here (just joined the list) but it sounds like
> > your replication user is being blocked by an ACI that you have
> > applied.  These could be explicit or inherited from a parent OU in the
> > tree.
>
> And you should definitely be able to see something in the access log for
> host=infinity.xxx.ec.gc.ca.  Keep in mind that the access log is
> buffered so events will not show up for a few minutes if there is no
> other activity.
>
> > Make sure your Replication User is not part of a ACI or make it part
> > of a new ACI that allows objectclass=* full permissions.

Ok I think I got it.

After looking closer at the console log file and this line
DSEntrySet.getAttributes(): failed to get attribute description in 
cn=Replication to 
infinity.xxx.ec.gc.ca,cn=replica,cn="dc=xxx,dc=ec,dc=gc,dc=ca",cn=mapping 
tree,cn=config

I went and manually added a description attribute for the replication 
agreement and I no longer am getting prompted for authentication.  So I'll 
just modify my sub and have it create some kind of default description 
attribute.

Still get the

ReplicationAgreement.updateAgreementFromServer: unable to read the replica 
number of changes from {host=ywgldap1.isb.ec.gc.ca} {port=389} 
{authdn=cn=Directory Manager}
ReplicationAgreement.updateAgreementFromServer: unable to read the replica 
refresh attribute {host=ywgldap1.isb.ec.gc.ca} {port=389} 
{authdn=cn=Directory Manager}
ReplicationAgreement.updateAgreementFromServer: unable to read the consumer 
initialization status attribute (nsds5replicalastinitstatus) 
{host=ywgldap1.isb.ec.gc.ca} {port=389} {authdn=cn=Directory Manager}

But I'm guessing those are more informative type messages then error messages.

Ryan