> On 21 Feb 2020, at 00:28, Thad <thadbrownsc@gmail.com> wrote:
>
> Ok. Thanks William and Thierry. I took a look back at the entry in dse.ldif and somehow my userPassword entry didn't save. I put it back and carefully put in a new complex (not too much) password and restarted everything. It is working now so it was missing field in the dse file and a password issue.
dse.ldif is written by the server on shutdown. So you either need to ldapmodify via cn=config while the server is running, or stop dirsrv, change dse.ldif, and the start it again. If you make a change to dse.ldif wile the server is running, it's "blown away" on shutdown as we write out the consistent in memory dse.ldif. That could be why the change disappeared.
>
> Now I have and issue with replication. Specifically "Replication error acquiring replica. replica busy error code 1." This is in the Consumer initialization status area. in the Status field last update message is "Replica acquired successfully. Incremental update succeeded." This for both NetscapeRoot and userRoot.
>
> However I think I see the issue. When setting up the replication agreement the FQDN for the supplier is automatically given. Since both servers are named the same thing (based on the documentation) shouldn't this cause an issue?
>
>
> I just re-read the documentation again...like I said newbie here. It seems I put the agreement on the consumer and I should have created it on the supplier server to push the data to the consumer. The flow of instructions here wasn't crystal clear to me. So now I am configuring the agreement on the the supplier. The error message I am receiving now is "Consumer server unreachable or invalid credentials supplied. Unable to perform subtree duplication verification." And I think have figured it out, the supplier can reach out to consumer but the traffic isn't coming back. So going to add an entry to the consumer /etc/hosts file and get back with the results.
I'd say look at the DS 10 and DS 11 docs.
We did a lot of work through DS 10 and 11 with the docs and we have documented a lot more on the lifecycles such as removal of a replica in a topology. This in mind, ds 11 has a new CLI suite so the commands may not match what you have, so DS 10 could be better to look at.
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/managing_replication
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/removing-supplier-cleanly
>
> Glad to say replication is working now. It looks like all of the entries have been replicated. I will keep checking for any errors. Once I got the replication agreement on the correct side I ran into some LDAP issues but worked through them. Not sure why the userPassword field on the replication manager entry kept disappearing but had to edit dse.ldif and enter it again. Next up is decommissioning the master server and repeating the whole process a few more times until I am on a current version. So pretty sure you will be hearing from me again if I can't find any good decommission documentation of master/replica setup.
See above - you need to stop dirsrv, edit dse.ldif, then start it OR use ldapmodify on cn=config.
Hope that helps!
>
> Thanks for the help.
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
No comments:
Post a Comment