> On 20 Feb 2020, at 07:35, Thaddeus Brown <thadbrownsc@gmail.com> wrote:
>
> First, i am a noob to ldap and directory server.
All good, happy to have you here!
> I have been at this for 30+ days in various scenarios to move off of directory server 8.2 to 11. In my latest iteration I am just trying to step through the major upgrades os/ds one at time to get to my end result.
> I am trying to replicate databases from directory server 8.2 to 9. I have followed the redhat documentation but still struggling. On the consumer, I am getting the error message,
> slapi_ldap_bind - error: could not bind id [cn=replication manager,cn=config] mech [SIMPLE]: error 48 (inappropriate authentication) errno 0 (Success)
>
> I have changed the password do it wouldn't be too simple. Made sure that supplier dn is cn=replication manager,cn=config as well as simple bind userid. How can I check if security and what type is on supplier?
On the consumer, you should check the cn=replication manager,cn=config exists, and you can do an ldapwhoami -H ldaps://consumer.ldap.example.com -D "cn=replication manager,cn=config" -w -x
On the supplier you need to look for the replication agreements, you can use ldapsearch -H ldaps://supplier.ldap.example.com -D 'cn=Directory Manager' -b cn=config -x -w '(objectClass=nsds5ReplicationAgreement)' to show these. You need to check the bind method is SIMPLE, the bind dn is correct, and the nsds5replicacredentials is correct password. It's also worth checking the port and hostnames too.
For replication logging you can set the error log level to 8192 in cn=config as well.
As always, if possible create a "staging" or "development" environment that matches your production, and try things out there too.
https://access.redhat.com/documentation/en-us/red_hat_directory_server/9.0/html/administration_guide/managing_replication-configuring-replication-cmd#Configuring-Replication-Suppliers-cmd
Hope that helps, if you have more questions, please let us know!
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
No comments:
Post a Comment