[389-users] LDAP server is unwilling to perform
Noriko Hosoi
nhosoi at redhat.com
Tue Mar 13 17:08:41 UTC 2012
I see a white space between MYDOMAIN\2C and dc\3Dcom in the agreement
DN. Basically, it should have been automatically removed.
dn: cn=389 to analog,cn=replica,cn=dc\3DMYDOMAIN\2C dc\3Dcom,cn=mapping
tree,cn=config
[13/Mar/2012:11:31:12 -0400] NSMMReplicationPlugin - agmtlist_add_callback: Can't start agreement "cn=389-01 to analog-01v,cn=replica,cn=dc\3dMYDOMAIN\2c dc\3dcom,cn=mapping tree,cn=config"
Could you try removing the white space (by editing your dse.ldif)?
1. shutdown the server
2. edit /etc/dirsrv/slapd-YOURID/dse.ldif
dn: cn=389 to analog,cn=replica,cn=dc\3DMYDOMAIN\2C dc\3Dcom,cn=mapping tree,cn=config
==>
dn: cn=389 to analog,cn=replica,cn=dc\3DMYDOMAIN\2Cdc\3Dcom,cn=mapping tree,cn=config
3. restart the server
mjames at guesswho.com wrote:
>
> Looks like this:
>
> [root at x-web-389-01 ~]# ldapsearch -xLLL -D "cn=directory manager" -W
> -b cn=config "cn=389 to analog"
>
> Enter LDAP Password:
>
> dn: cn=389 to analog,cn=replica,cn=dc\3DMYDOMAIN\2C
> dc\3Dcom,cn=mapping tree,cn=config
>
> objectClass: top
>
> objectClass: nsDS5ReplicationAgreement
>
> description: x-web-389-01 to x-analog-01
>
> cn: 389 to analog
>
> nsDS5ReplicaRoot: dc=MYDOMAIN,dc=com
>
> nsDS5ReplicaHost: x-analog-01.MYDOMAIN.com
>
> nsDS5ReplicaPort: 389
>
> nsDS5ReplicaBindDN: cn=repman,cn=config
>
> nsDS5ReplicaTransportInfo: LDAP
>
> nsDS5ReplicaBindMethod: SIMPLE
>
> nsDS5ReplicaCredentials: {DES}/DnkVyIX/let6epFs+gfjw==
>
> nsds50ruv: {replicageneration} 4eb7e52b000000010000
>
> nsds50ruv: {replica 2 ldap://x-analog-01.MYDOMAIN.com:389}
> 4ec1600f000000020000 4ec29e53000000020000
>
> nsds50ruv: {replica 1 ldap://x-web-389-01.MYDOMAIN.com:389}
> 4ec116e4000000010000 4f329c1c000100010000
>
> nsruvReplicaLastModified: {replica 2
> ldap://x-analog-01.MYDOMAIN.com:389} 00000000
>
> nsruvReplicaLastModified: {replica 1
> ldap://x-web-389-01.MYDOMAIN.com:389} 00000000
>
> nsds5replicareapactive: 0
>
> nsds5replicaLastUpdateStart: 0
>
> nsds5replicaLastUpdateEnd: 0
>
> nsds5replicaChangesSentSinceStartup:
>
> nsds5replicaLastUpdateStatus: 0 No replication sessions started since
> server startup
>
> nsds5replicaUpdateInProgress: FALSE
>
> nsds5replicaLastInitStart: 0
>
> nsds5replicaLastInitEnd: 0
>
> *From:*Rich Megginson [mailto:rmeggins at redhat.com]
> *Sent:* Tuesday, March 13, 2012 12:24 PM
> *To:* General discussion list for the 389 Directory server project.
> *Cc:* Michael James
> *Subject:* Re: [389-users] LDAP server is unwilling to perform
>
> On 03/13/2012 10:23 AM, mjames at guesswho.com
> <mailto:mjames at guesswho.com> wrote:
>
> Sorry, forgot to send this to the list.
>
> There appears to be something wrong with your replication agreement
> entry, but I have no idea what. That information should be in the
> logs but it is not. Can you post your replication agreement entry to
> the list?
>
> ldapsearch -xLLL -D "cn=directory manager" -W -b cn=config "cn=389 to
> analog"
>
> *From:*Michael James
> *Sent:* Tuesday, March 13, 2012 12:13 PM
> *To:* 'Rich Megginson'
> *Subject:* RE: [389-users] LDAP server is unwilling to perform
>
> That’s a big **IF** there… I did turn up the logging. Attached is the
> error log, trimmed to around the time that I tried to create the new
> replication agreement. Sorry about that.
>
> *From:*Rich Megginson [mailto:rmeggins at redhat.com]
> <mailto:[mailto:rmeggins at redhat.com]>
> *Sent:* Tuesday, March 13, 2012 11:51 AM
> *To:* General discussion list for the 389 Directory server project.
> *Cc:* Michael James
> *Subject:* Re: [389-users] LDAP server is unwilling to perform
>
> On 03/13/2012 09:41 AM, mjames at guesswho.com
> <mailto:mjames at guesswho.com> wrote:
>
> Pls see attached new console.log. Thanks.
>
> If you follow the directions at
> http://port389.org/wiki/FAQ#Troubleshooting to enable the Replication
> log level, the extra information will be in the directory server
> errors log, not the console log - /var/log/dirsrv/slapd-INST/errors
>
> Mike
>
> *From:*Rich Megginson [mailto:rmeggins at redhat.com]
> *Sent:* Monday, March 12, 2012 3:14 PM
> *To:* General discussion list for the 389 Directory server project.
> *Cc:* Michael James
> *Subject:* Re: [389-users] LDAP server is unwilling to perform
>
> On 03/12/2012 12:39 PM, mjames at guesswho.com
> <mailto:mjames at guesswho.com> wrote:
>
> Pls. see attached. Thx.
>
> Hmm - nothing to go on there - please turn on the Replication log
> level and reproduce the problem - then the errors log may contain more
> clues
> http://port389.org/wiki/FAQ#Troubleshooting
>
>
> Mike
>
> *From:*Rich Megginson [mailto:rmeggins at redhat.com]
> *Sent:* Monday, March 12, 2012 1:30 PM
> *To:* General discussion list for the 389 Directory server project.
> *Cc:* Michael James
> *Subject:* Re: [389-users] LDAP server is unwilling to perform
>
> On 03/12/2012 11:30 AM, mjames at guesswho.com
> <mailto:mjames at guesswho.com> wrote:
>
> Thanks for your previous help. I built a new server, CentOS 6.2, added
> the epel-389-ds-base and epel repos, then installed 389-ds via yum. I
> ran setup-ds-admin.pl with the “Typical” setup option, user nobody,
> and registered with one of our existing configuration servers. I
> created the supplier bind DN on the new server per the installation docs.
>
> At this point, I can’t establish a replication agreement. I open the
> 389-console on existing server and use the GUI to create a new
> replication agreement on userRoot. I accepted the defaults, entered
> the correct bind DN and password. At the end of the wizard, it fails
> with “LDAP server is unwilling to perform”. In the error log, I see
> one error. Any help is appreciated. Thanks, Mike
>
> Can you run the console with -D 9 -f console.log, reproduce the
> problem, remove any sensitive information from console.log, and post
> console.log to this list?
>
>
>
> [12/Mar/2012:13:26:46 -0400] NSMMReplicationPlugin -
> agmtlist_add_callback: Can't start agreement "cn=389 to
> analog-01v,cn=replica,cn=dc\3d<MY_DOMAIN>\2c dc\3dcom,cn=mapping
> tree,cn=config"
>
>
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org <mailto:389-users at lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org <mailto:389-users at lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org <mailto:389-users at lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20120313/06f8bc99/attachment.html>
More information about the 389-users
mailing list