[Fedora-directory-users] (no subject)

Rich Megginson rmeggins at redhat.com
Wed Aug 13 20:03:31 UTC 2008


Mister Anonyme wrote:
> > Rich Megginson wrote:
> >> Mister Anonyme wrote:
> >> Hi,
> >> I tried to follow the guidelines here:
> >> 
> http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication-Replicating-ADS-for-Failover.html
> >> And it doesn't work.
> >
> >Can you be more specific?
>
> There you go...
>
> SERVER1 is first server, SERVER2 is second server (failover)
>
> ========================================
> First step (from the doc):  Install and configure the first Directory 
> Server instance.
> ========================================
>
> ******
> file.inf
> ******
> FullMachineName = SERVER1
> AdminDomain = MY DOMAIN NAME
> SuiteSpotUserID = nobody
> SuiteSpotGroup = nobody
> ConfigDirectoryLdapURL = ldap://SERVER1:389/o=NetscapeRoot
> ConfigDirectoryAdminID = admin
> ConfigDirectoryAdminPwd = MY PASSWORD
>
>
> [admin]
> ServerAdminID = admin
> ServerAdminPwd = MY PASSWORD
> SysUser = nobody
> ServerIpAddress = MY SERVER IP ADDRESS
> Port = 9830
>
> [slapd]
> InstallLdifFile = suggest
> ServerIdentifier = SERVER1
> ServerPort = 389
> AddOrgEntries = Yes
> RootDN = cn=Directory Manager
> RootDNPwd = MY DS PASSWORD
> SlapdConfigForMC = yes
> Suffix = dc=EXAMPLE, dc=NET
> UseExistingMC = 0
> AddSampleEntries = Yes
> ConfigFile = repluser.ldif
> ConfigFile = changelog.ldif
> ConfigFile = replica.ldif
> ConfigFile = replagreement.ldif
>
> ***************
> repluser.ldif
> ***************
> dn: cn=replication manager,cn=config
> objectClass: inetorgperson
> objectClass: person
> objectClass: top
> cn: replication manager
> sn: RM
> userPassword: MY ENCRYPTED PASSWORD
> passwordExpirationTime: 20380119031407Z
>
> ****************
> changelog.ldif
> ****************
> dn: cn=changelog5,cn=config
> objectclass: top
> objectclass: extensibleObject
> cn: changelog5
> nsslapd-changelogdir: /var/lib/dirsrv/slapd-MYINSTANCE/changelogdb
>
>
> ************
> replica.ldif
> *************
> dn: cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
> objectclass: top
> objectclass: nsds5replica
> objectclass: extensibleObject
> cn: replica
> nsds5replicaroot: o=NetscapeRoot
> nsds5replicaid: 1
> nsds5replicatype: 3
> nsds5flags: 1
> nsds5ReplicaPurgeDelay: 604800
> nsds5ReplicaBindDN: cn=replication manager,cn=config
>
>
> ******************
> replagreement.ldif
> ******************
> dn: cn=replication_netscaperoot,cn=replica,cn="o=Netscaperoot",cn=mapping tree,cn=config
> objectclass: top
> objectclass: nsds5replicationagreement
> cn: replication_netscaperoot
> nsds5replicahost: SECONDARY LDAP SERVER HOSTNAME
> nsds5replicaport: 389
> nsds5ReplicaBindDN: cn=replication manager
> nsds5replicabindmethod: SIMPLE
> nsds5replicaroot: o=Netscaperoot
> description: replication netscaperoot
> nsds5replicacredentials: ENCRYPTEDPASSWORD
> nsds5BeginReplicaRefresh: start
>
> I run this command:
>
>
> # /usr/sbin/setup-ds-admin -s -f file.inf
>
>
> Here's the log:
> [...]
> +Processing repluser.ldif ...
> +++check_and_add_entry: Entry not found cn=replication 
> manager,cn=config error No such object
> +Entry cn=replication manager,cn=config is added
>
> +Processing changelog.ldif ...
> +++check_and_add_entry: Entry not found cn=changelog5,cn=config error 
> No such object
> +Entry cn=changelog5,cn=config is added
>
> +Processing replica.ldif ...
> +++check_and_add_entry: Entry not found 
> cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config error No such 
> object
> +ERROR: adding an entry cn=replica,cn="o=NetscapeRoot",cn=mapping 
> tree,cn=config failed, error: No such object
> dn: cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
> objectclass: top
> objectclass: nsds5replica
> objectclass: extensibleObject
> cn: replica
> nsds5replicaroot: o=NetscapeRoot
> nsds5replicaid: 1
> nsds5replicatype: 3
> nsds5flags: 1
> nsds5replicapurgedelay: 604800
> nsds5replicabinddn: cn=replication manager,cn=config
>
> +ERROR: There was an error processing entry 
> cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
> +Cannot continue processing entries.
>
>
> So, I created another file (the documentation didn't mention this so I 
> don't know if it's the 'good' procedure...):
I think it is mentioned in the documentation.
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication-Replicating-ADS-for-Failover.html
"2. Install and configure the second Directory Server instance. For the 
second server, |server2.example.com|, use the |setup-ds.pl| command, 
which installs a Directory Server instance without installing a local 
Administration Server. "

Which is what you did below anyway.  However, there is a doc bug:
"ConfigFile = netscaperootdb.ldif example suffix entry"
This links to an example of the suffix only, which is what you did below 
- the ldif only creates the suffix, not the associated database.

The LDIF file should contain this:

dn: cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: o=NetscapeRoot
cn: NetscapeRoot

dn: cn=encrypted attribute keys,cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: encrypted attributes keys

dn: cn=encrypted attributes,cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: encrypted attributes

dn: cn="o=NetscapeRoot",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
cn: "o=NetscapeRoot"
nsslapd-state: backend
nsslapd-backend: NetscapeRoot


>
> *************
> replica_1.ldif
> *************
> dn: cn="o=NetscapeRoot",cn=mapping tree,cn=config
> objectclass: top
> objectclass: nsMappingTree
> objectclass: extensibleObject
> cn: "o=NetscapeRoot"
>
>
> I added just before the replica.ldif in the "file.inf", [slapd] section.
>
> Then:
>
> # /usr/sbin/setup-ds-admin -s -f file.inf
>
> It works well until...:
> [...]
> +[13/Aug/2008:15:07:17 -0400] NSMMReplicationPlugin - 
> _replica_configure_ruv: replication broken for entry (o=NetscapeRoot); 
> LDAP error - 1
> +[13/Aug/2008:15:07:17 -0400] NSMMReplicationPlugin - Unable to 
> configure replica o=NetscapeRoot:
> +[13/Aug/2008:15:07:17 -0400] - slapd started.  Listening on All 
> Interfaces port 389 for LDAP requests
> +Your new directory server has been started.
> Your new DS instance 'INSTANCENAME' was successfully created.
> Creating the configuration directory server . . .
> The suffix 'o=NetscapeRoot' already exists.  Config entry DN 
> 'cn="o=NetscapeRoot",cn=mapping tree,cn=config'.
>
> Failed to create the configuration directory server
> Exiting . . .
>
> So, it won't process LDIF files that I created according to the 
> documentation, but if I force the creation of NetscapeRoot so the 
> replica.ldif can be processed, it won't continue because it already 
> exists...
>
> Great... 
>
> I removed replica_1.ldif, replica.ldif, replagreement.ldif from 
> file.inf and ran this again:
>
> # /usr/sbin/setup-ds-admin -s -f file.inf
>
> [...]
> The admin server was successfully started.
> Admin server was successfully created, configured, and started.
>
> Then, I manually created a replica and a replica agreement:
>
> /usr/lib/mozldap6/ldapmodify -cvD "cn=Directory manager"  -w PASSWD < replica.ldif
> /usr/lib/mozldap6/ldapmodify -cvD "cn=Directory manager"  -w PASSWD < replagreement.ldif
>
> It went with success.
>
> Now, step 2 from the doc...
>
> The inf file of the second server:
>
> ******
> file.inf
> ******
> [General]
> AdminDomain = EXAMPLE.DOMAIN
> SuiteSpotGroup = nobody
> ConfigDirectoryLdapURL = ldap://SERVER1 (or SERVER2, doesn't matter, 
> it fails).nl.rsft.net:389/o=NetscapeRoot
> ConfigDirectoryAdminID = admin
> FullMachineName = SERVER2
> SuiteSpotUserID = nobody
> ConfigDirectoryAdminPwd = PASS
>
> [admin]
> ServerAdminID = admin
> ServerAdminPwd = PASS
> SysUser = nobody
> Port = 9830
>
>
> [slapd]
> InstallLdifFile = suggest
> ServerIdentifier = SERVER2
> ServerPort = 389
> AddOrgEntries = Yes
> RootDN = cn=Directory Manager
> RootDNPwd = SERVER2
> Suffix = dc=EXAMPLE,dc=DOMAIN
> UseExistingMC = 0
> AddSampleEntries = No
> ConfigFile = netscaperootdb.ldif
> ConfigFile = repluser.ldif
> ConfigFile = changelog.ldif
> ConfigFile = replica.ldif
> ConfigFile = replagreement.ldif
>
>
> I won't show repluser.ldif, changelog.ldif, replica.ldif and 
> replagreement.ldif, they are same as above, except for netscaperootdb.ldif:
>
> ******************
> netscaperootdb.ldif
> ******************
> dn: cn="o=netscaperoot",cn=mapping tree,cn=config
> objectclass: top
> objectclass: extensibleObject
> objectclass: nsMappingTree
> nsslapd-state: backend
> nsslapd-backend: NetscapeRoot
> cn: o=NetscapeRoot
>
>
> I ran the script:
>
> # /usr/sbin/setup-ds.pl -s -f file.inf
>
> There's no error until...
> [...]
> +importing data ...
> [13/Aug/2008:15:30:35 -0400] - dblayer_instance_start: pagesize: 4096, 
> pages: 258922, procpages: 6198
> [13/Aug/2008:15:30:35 -0400] - cache autosizing: import cache: 204800k
> [13/Aug/2008:15:30:35 -0400] - li_import_cache_autosize: 50, 
> import_pages: 51200, pagesize: 4096
> [13/Aug/2008:15:30:35 -0400] - WARNING: Import is running with 
> nsslapd-db-private-import-mem on; No other process is allowed to 
> access the database
> [13/Aug/2008:15:30:35 -0400] - dblayer_instance_start: pagesize: 4096, 
> pages: 258922, procpages: 6198
> [13/Aug/2008:15:30:35 -0400] - cache autosizing: import cache: 204800k
> [13/Aug/2008:15:30:35 -0400] - li_import_cache_autosize: 50, 
> import_pages: 51200, pagesize: 4096
> [13/Aug/2008:15:30:36 -0400] - import userRoot: Beginning import job...
> [13/Aug/2008:15:30:36 -0400] - import userRoot: Index buffering 
> enabled with bucket size 100
> [13/Aug/2008:15:30:36 -0400] - import userRoot: Processing file 
> "/tmp/ldifBTMcP9.ldif"
> [13/Aug/2008:15:30:36 -0400] - import userRoot: Finished scanning file 
> "/tmp/ldifBTMcP9.ldif" (9 entries)
> [13/Aug/2008:15:30:37 -0400] - import userRoot: Workers finished; 
> cleaning up...
> [13/Aug/2008:15:30:37 -0400] - import userRoot: Workers cleaned up.
> [13/Aug/2008:15:30:37 -0400] - import userRoot: Cleaning up producer 
> thread...
> [13/Aug/2008:15:30:37 -0400] - import userRoot: Indexing complete.  
> Post-processing...
> [13/Aug/2008:15:30:37 -0400] - import userRoot: Flushing caches...
> [13/Aug/2008:15:30:37 -0400] - import userRoot: Closing files...
> [13/Aug/2008:15:30:37 -0400] - All database threads now stopped
> [13/Aug/2008:15:30:37 -0400] - import userRoot: Import complete.  
> Processed 9 entries in 1 seconds. (9.00 entries/sec)
> +Starting the server: /usr/lib/dirsrv/slapd-myinstance/start-slapd
> +Started the server: code 256
> Server failed to start !!! Please check errors log for problems
> +       Red Hat-Directory/8.0.0 B2007.353.1757
> +       server2:389 (/etc/dirsrv/slapd-myinstance)
> +
> +[13/Aug/2008:15:30:35 -0400] - dblayer_instance_start: pagesize: 
> 4096, pages: 258922, procpages: 6198
> +[13/Aug/2008:15:30:35 -0400] - cache autosizing: import cache: 204800k
> +[13/Aug/2008:15:30:35 -0400] - li_import_cache_autosize: 50, 
> import_pages: 51200, pagesize: 4096
> +[13/Aug/2008:15:30:35 -0400] - WARNING: Import is running with 
> nsslapd-db-private-import-mem on; No other process is allowed to 
> access the database
> +[13/Aug/2008:15:30:35 -0400] - dblayer_instance_start: pagesize: 
> 4096, pages: 258922, procpages: 6198
> +[13/Aug/2008:15:30:35 -0400] - cache autosizing: import cache: 204800k
> +[13/Aug/2008:15:30:35 -0400] - li_import_cache_autosize: 50, 
> import_pages: 51200, pagesize: 4096
> +[13/Aug/2008:15:30:36 -0400] - import userRoot: Beginning import job...
> +[13/Aug/2008:15:30:36 -0400] - import userRoot: Index buffering 
> enabled with bucket size 100
> +[13/Aug/2008:15:30:36 -0400] - import userRoot: Processing file 
> "/tmp/ldifBTMcP9.ldif"
> +[13/Aug/2008:15:30:36 -0400] - import userRoot: Finished scanning 
> file "/tmp/ldifBTMcP9.ldif" (9 entries)
> +[13/Aug/2008:15:30:37 -0400] - import userRoot: Workers finished; 
> cleaning up...
> +[13/Aug/2008:15:30:37 -0400] - import userRoot: Workers cleaned up.
> +[13/Aug/2008:15:30:37 -0400] - import userRoot: Cleaning up producer 
> thread...
> +[13/Aug/2008:15:30:37 -0400] - import userRoot: Indexing complete.  
> Post-processing...
> +[13/Aug/2008:15:30:37 -0400] - import userRoot: Flushing caches...
> +[13/Aug/2008:15:30:37 -0400] - import userRoot: Closing files...
> +[13/Aug/2008:15:30:37 -0400] - All database threads now stopped
> +[13/Aug/2008:15:30:37 -0400] - import userRoot: Import complete.  
> Processed 9 entries in 1 seconds. (9.00 entries/sec)
> +[13/Aug/2008:15starting up
> +[13/Aug/2008:15:30:39 -0400] - I'm resizing my cache now...cache was 
> 209715200 and is now 8000000
> +[13/Aug/2008:15:30:39 -0400] - Warning: Mapping tree node entry for 
> o=NetscapeRoot point to an unknown backend : NetscapeRoot
> +[13/Aug/2008:15:30:40 -0400] - Warning: Mapping tree node entry for 
> o=NetscapeRoot point to an unknown backend : NetscapeRoot
> +[13/Aug/2008:15:30:40 -0400] - Warning: Mapping tree node entry for 
> o=NetscapeRoot point to an unknown backend : NetscapeRoot
> +[13/Aug/2008:15:30:40 -0400] - Warning: Mapping tree node entry for 
> o=NetscapeRoot point to an unknown backend : NetscapeRoot
> +[13/Aug/2008:15:30:40 -0400] - Warning: Mapping tree node entry for 
> o=NetscapeRoot point to an unknown backend : NetscapeRoot
> +[13/Aug/2008:15:30:40 -0400] - Warning: Mapping tree node entry for 
> o=NetscapeRoot point to an unknown backend : NetscapeRoot
>
>
> And it hung up.  I had to do CTRL-C to have prompt.  Well, maybe it's 
> normal.. This server isn't completely installed.
>
> So, step 3 from the doc, I ran it on the SERVER1:
>
> # /usr/lib/mozldap6/ldapmodify -cvD "cn=Directory manager"  -w PASSWD
> ldapmodify-bin: started Wed Aug 13 15:37:03 2008
>
> ldap_init( localhost, 389 )
> dn: cn=ExampleAgreement1,cn=replica,cn="o=NetscapeRoot",cn=mapping 
> tree,cn=config
> changetype: modify
> replace: nsds5beginreplicarefresh
> nsds5beginreplicarefresh: start
> replace nsds5beginreplicarefresh:
>         start
> modifying entry 
> cn=ExampleAgreement1,cn=replica,cn="o=NetscapeRoot",cn=mapping 
> tree,cn=config
> ldap_modify: No such object
>
> This is when I gave up and decided to create a NetscapeRoot's 
> replication directly from the Java console.  I mean, I installed two 
> LDAP servers with the second server that it uses the Configuration 
> Server from the first server. 
>
> The replication works very well between two servers (only if I setup 
> from the Java console) but when I want to do the step 4 from the 
> doc (create local Administration Server), it doesn't work, the script 
> 'register-ds-admin.pl' always fails.
>
> Thank you very much for your help!
>
>   
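
The "Mapping tree node entry for o=NetscapeRoot point to an unknown backend" warning in the log above can be caught before setup-ds.pl is run. The following is an added example, not part of the original thread and not code from the Directory Server project: a pre-flight check over the ConfigFile LDIF that reports mapping tree nodes whose nsslapd-backend has no matching nsBackendInstance entry. The function names are hypothetical, the sample inputs are taken from the LDIF in this thread, and it assumes the backend name is the cn of the backend instance entry, as in the reply's LDIF.

```python
import re


def parse_ldif(text):
    """Parse plain (non-base64) LDIF into dicts of lower-cased attr -> values."""
    # RFC 2849: a line that starts with one space continues the previous line.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries


def object_classes(entry):
    return {oc.lower() for oc in entry.get("objectclass", [])}


def dangling_mapping_trees(entries):
    """Return (dn, backend) for mapping tree nodes naming an undefined backend."""
    backends = {cn.lower() for e in entries
                if "nsbackendinstance" in object_classes(e)
                for cn in e.get("cn", [])}
    return [(e["dn"][0], b) for e in entries
            if "nsmappingtree" in object_classes(e)
            for b in e.get("nsslapd-backend", [])
            if b.lower() not in backends]


# netscaperootdb.ldif as posted in the thread: mapping tree node only.
POSTED = '''dn: cn="o=netscaperoot",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
nsslapd-state: backend
nsslapd-backend: NetscapeRoot
cn: o=NetscapeRoot
'''

# Backend instance entry from the reply, placed ahead of the same node.
CORRECTED = '''dn: cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: o=NetscapeRoot
cn: NetscapeRoot

''' + POSTED
```

Running `dangling_mapping_trees(parse_ldif(POSTED))` reports the o=NetscapeRoot node, while the same call on `CORRECTED` returns an empty list.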
