this is never needed ^^^Thank you, Mark,
Is there a way to initialize an existing instance without rebuilding the consumer instance from scratch?I tried this:
- remove all *db files from the consumer
You could reuse the same agreement- remove existing agreement from the supplier (from cn=config)
- re-run creating the agreement on the supplier with "init":dsconf -D "***" -w *** ldap://supplier create --suffix "dc=harvard,dc=edu" --host "consumer" --port 636 --conn-protocol LDAPS --bind-dn "cn=replication manager,cn=config" --bind-passwd "***" --bind-method SIMPLE --init consumer-RO
Hmm that does not look like the correct syntax to create and init an agreement. Maybe you left something out when you sent this email? You need "repl-agmt":
# dsconf -D "***" -w *** ldap://supplier repl-agmt create --suffix "dc=harvard,dc=edu" --host CONSUMER_FQDN --port 636 --conn-protocol LDAPS --bind-dn "cn=replication manager,cn=config" --bind-passwd "***" --bind-method SIMPLE --init consumer-RO
Anyway that should have initialized the remote replica. Perhaps this is failing somehow. Please check the access/errors log on the remote replica.
If you already have an agreement you can just try a reinit at any point. No need to remove the agreement before trying to reinit it:
# dsconf -D "***" -w *** ldap://supplier repl-agmt init --suffix "dc=harvard,dc=edu" consumer-RO
Anyway check the logs on the remote server, perhaps replication is not enabled on that server? TLS could be an issue, BIND DN, repl config, etc. The logs will tell us more.
On a side note, if you run the CLI as root locally, you don't need to set the the ldap url or bind credentials. We use LDAPI to map "root" to "cn=directory manager'. You do this by simply specifying the instance name:
# dsconf slapd-YOUR_INSTANCE repl-agmt create --suffix ... ....
You can even shortcut this even more by removing "slapd-"
# dsconf YOUR_INSTANCE repl-agmt create --suffix ... ...
There is also bash completion on the instance name as well:
# dsconf YOUR_IN <hit tab>
And, you can also pre-set values by updating the ~/.dsrc That should be documented in the official Red Hat docs/389 wiki ...
HTH,
Mark
Still got the same error.
Thank you again,- Alex
On Tue, Apr 2, 2024 at 5:35 PM Mark Reynolds <mareynol@redhat.com> wrote:
--Hi Alex,
It definitely works, and that error means you did not "initialize" your new server/replica. Looks like you just setup a replication agreement, but not initialize the remote replica. Once initialized the new server will have the same database generation id and replication updates will flow.
HTH,
Mark
On 4/2/24 5:26 PM, Nazarenko, Alexander wrote:
Hello colleagues,
We plan to move our LDAP service from 389DS 1.3.9 on RHEL7 to 389 DS 2.3.6 on RHEL 9 platform.
Question: is it possible to attach a 389 DS 2.3.6 consumer to 389DS 1.3.9 supplier for seamless transition, and get the data replicated in real time?
My first attempt produced an error about different database versions.
Maybe it is not supposed to work?
Thank you,
- Alex
-- _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue-- Identity Management Development Team
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
-- _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
-- Identity Management Development Team
No comments:
Post a Comment