[389-users] LDAP server is unwilling to perform

Noriko Hosoi nhosoi at redhat.com
Tue Mar 13 17:08:41 UTC 2012 

I see a white space between MYDOMAIN\2C and dc\3Dcom in the agreement 
DN. Basically, it should have been automatically removed.

dn: cn=389 to analog,cn=replica,cn=dc\3DMYDOMAIN\2C dc\3Dcom,cn=mapping 
tree,cn=config

[13/Mar/2012:11:31:12 -0400] NSMMReplicationPlugin - agmtlist_add_callback: Can't start agreement "cn=389-01 to analog-01v,cn=replica,cn=dc\3dMYDOMAIN\2c dc\3dcom,cn=mapping tree,cn=config"

Could you try removing the white space (by editing your dse.ldif)?
1. shutdown the server
2. edit /etc/dirsrv/slapd-YOURID/dse.ldif
    dn: cn=389 to analog,cn=replica,cn=dc\3DMYDOMAIN\2C dc\3Dcom,cn=mapping tree,cn=config
    ==>
    dn: cn=389 to analog,cn=replica,cn=dc\3DMYDOMAIN\2Cdc\3Dcom,cn=mapping tree,cn=config
3. restart the server


mjames at guesswho.com wrote:
>
> Looks like this:
>
> [root at x-web-389-01 ~]# ldapsearch -xLLL -D "cn=directory manager" -W 
> -b cn=config "cn=389 to analog"
>
> Enter LDAP Password:
>
> dn: cn=389 to analog,cn=replica,cn=dc\3DMYDOMAIN\2C 
> dc\3Dcom,cn=mapping tree,cn=config
>
> objectClass: top
>
> objectClass: nsDS5ReplicationAgreement
>
> description: x-web-389-01 to x-analog-01
>
> cn: 389 to analog
>
> nsDS5ReplicaRoot: dc=MYDOMAIN,dc=com
>
> nsDS5ReplicaHost: x-analog-01.MYDOMAIN.com
>
> nsDS5ReplicaPort: 389
>
> nsDS5ReplicaBindDN: cn=repman,cn=config
>
> nsDS5ReplicaTransportInfo: LDAP
>
> nsDS5ReplicaBindMethod: SIMPLE
>
> nsDS5ReplicaCredentials: {DES}/DnkVyIX/let6epFs+gfjw==
>
> nsds50ruv: {replicageneration} 4eb7e52b000000010000
>
> nsds50ruv: {replica 2 ldap://x-analog-01.MYDOMAIN.com:389} 
> 4ec1600f000000020000 4ec29e53000000020000
>
> nsds50ruv: {replica 1 ldap://x-web-389-01.MYDOMAIN.com:389} 
> 4ec116e4000000010000 4f329c1c000100010000
>
> nsruvReplicaLastModified: {replica 2 
> ldap://x-analog-01.MYDOMAIN.com:389} 00000000
>
> nsruvReplicaLastModified: {replica 1 
> ldap://x-web-389-01.MYDOMAIN.com:389} 00000000
>
> nsds5replicareapactive: 0
>
> nsds5replicaLastUpdateStart: 0
>
> nsds5replicaLastUpdateEnd: 0
>
> nsds5replicaChangesSentSinceStartup:
>
> nsds5replicaLastUpdateStatus: 0 No replication sessions started since 
> server startup
>
> nsds5replicaUpdateInProgress: FALSE
>
> nsds5replicaLastInitStart: 0
>
> nsds5replicaLastInitEnd: 0
>
> *From:*Rich Megginson [mailto:rmeggins at redhat.com]
> *Sent:* Tuesday, March 13, 2012 12:24 PM
> *To:* General discussion list for the 389 Directory server project.
> *Cc:* Michael James
> *Subject:* Re: [389-users] LDAP server is unwilling to perform
>
> On 03/13/2012 10:23 AM, mjames at guesswho.com 
> <mailto:mjames at guesswho.com> wrote:
>
> Sorry, forgot to send this to the list.
>
> There appears to be something wrong with your replication agreement 
> entry, but I have no idea what.  That information should be in the 
> logs but it is not.  Can you post your replication agreement entry to 
> the list?
>
> ldapsearch -xLLL -D "cn=directory manager" -W -b cn=config "cn=389 to 
> analog"
>
> *From:*Michael James
> *Sent:* Tuesday, March 13, 2012 12:13 PM
> *To:* 'Rich Megginson'
> *Subject:* RE: [389-users] LDAP server is unwilling to perform
>
> That’s a big **IF** there… I did turn up the logging. Attached is the 
> error log, trimmed to around the time that I tried to create the new 
> replication agreement. Sorry about that.
>
> *From:*Rich Megginson [mailto:rmeggins at redhat.com] 
> <mailto:[mailto:rmeggins at redhat.com]>
> *Sent:* Tuesday, March 13, 2012 11:51 AM
> *To:* General discussion list for the 389 Directory server project.
> *Cc:* Michael James
> *Subject:* Re: [389-users] LDAP server is unwilling to perform
>
> On 03/13/2012 09:41 AM, mjames at guesswho.com 
> <mailto:mjames at guesswho.com> wrote:
>
> Pls see attached new console.log. Thanks.
>
> If you follow the directions at 
> http://port389.org/wiki/FAQ#Troubleshooting to enable the Replication 
> log level, the extra information will be in the directory server 
> errors log, not the console log - /var/log/dirsrv/slapd-INST/errors
>
> Mike
>
> *From:*Rich Megginson [mailto:rmeggins at redhat.com]
> *Sent:* Monday, March 12, 2012 3:14 PM
> *To:* General discussion list for the 389 Directory server project.
> *Cc:* Michael James
> *Subject:* Re: [389-users] LDAP server is unwilling to perform
>
> On 03/12/2012 12:39 PM, mjames at guesswho.com 
> <mailto:mjames at guesswho.com> wrote:
>
> Pls. see attached. Thx.
>
> Hmm - nothing to go on there - please turn on the Replication log 
> level and reproduce the problem - then the errors log may contain more 
> clues
> http://port389.org/wiki/FAQ#Troubleshooting
>
>
> Mike
>
> *From:*Rich Megginson [mailto:rmeggins at redhat.com]
> *Sent:* Monday, March 12, 2012 1:30 PM
> *To:* General discussion list for the 389 Directory server project.
> *Cc:* Michael James
> *Subject:* Re: [389-users] LDAP server is unwilling to perform
>
> On 03/12/2012 11:30 AM, mjames at guesswho.com 
> <mailto:mjames at guesswho.com> wrote:
>
> Thanks for your previous help. I built a new server, CentOS 6.2, added 
> the epel-389-ds-base and epel repos, then installed 389-ds via yum. I 
> ran setup-ds-admin.pl with the “Typical” setup option, user nobody, 
> and registered with one of our existing configuration servers. I 
> created the supplier bind DN on the new server per the installation docs.
>
> At this point, I can’t establish a replication agreement. I open the 
> 389-console on existing server and use the GUI to create a new 
> replication agreement on userRoot. I accepted the defaults, entered 
> the correct bind DN and password. At the end of the wizard, it fails 
> with “LDAP server is unwilling to perform”. In the error log, I see 
> one error. Any help is appreciated. Thanks, Mike
>
> Can you run the console with -D 9 -f console.log, reproduce the 
> problem, remove any sensitive information from console.log, and post 
> console.log to this list?
>
>
>
> [12/Mar/2012:13:26:46 -0400] NSMMReplicationPlugin - 
> agmtlist_add_callback: Can't start agreement "cn=389 to 
> analog-01v,cn=replica,cn=dc\3d<MY_DOMAIN>\2c dc\3dcom,cn=mapping 
> tree,cn=config"
>
>
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org  <mailto:389-users at lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org  <mailto:389-users at lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org  <mailto:389-users at lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20120313/06f8bc99/attachment.html>

More information about the 389-users mailing list