Hi,

I installed and configured many LDAP servers in a multi-master environment.* Work very well.

Now, I want to do a failover of the Configuration Directory Server between two masters, just in case.* I tried to follow the instructions right here:

http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication-Replicating-ADS-for-Failover.html

It's just as clear as a mud...

I would really like to have an real-life scenario example to help me because I'm struggling to configure it and it doesn't work at all.

For example, the step 1 instruct us to create a file.inf and 4 ldif files:

0.- file.inf

FullMachineName = MY FULL HOSTNAME

AdminDomain = MY DOMAIN NAME

SuiteSpotUserID = nobody

SuiteSpotGroup = nobody

ConfigDirectoryLdapURL = ldap://MY FULL HOSTNAME:389/o=NetscapeRoot

ConfigDirectoryAdminID = admin

ConfigDirectoryAdminPwd = MY PASSWORD



[admin]

ServerAdminID = admin

ServerAdminPwd = MY PASSWORD

SysUser = nobody

ServerIpAddress = MY SERVER IP ADDRESS

Port = 9830



[slapd]

InstallLdifFile = suggest

ServerIdentifier = MY SERVER HOSTNAME

ServerPort = 389

AddOrgEntries = Yes

RootDN = cn=Directory Manager

RootDNPwd = MY DS PASSWORD

SlapdConfigForMC = yes

Suffix = dc=EXAMPLE, dc=NET

UseExistingMC = 0

AddSampleEntries = Yes

ConfigFile = repluser.ldif

ConfigFile = changelog.ldif

ConfigFile = replica.ldif

ConfigFile = replagreement.ldif


1.- repluser.ldif

dn: cn=replication manager,cn=config
changetype: add
objectClass: inetorgperson
objectClass: person
objectClass: top
cn: replication manager
sn: RM
userPassword: MY ENCRYPTED PASSWORD
passwordExpirationTime: 20380119031407Z

2.- changelog.ldif

dn: cn=changelog5,cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
cn: changelog5
nsslapd-changelogdir: /var/lib/dirsrv/slapd-MYINSTANCE/changelogdb

3.- replica.ldif

dn: cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
changetype: add
objectclass: top
objectclass: nsds5replica
objectclass: extensibleObject
cn: replica
nsds5replicaroot: o=NetscapeRoot
nsds5replicaid: 1
nsds5replicatype: 3
nsds5flags: 1
nsds5ReplicaPurgeDelay: 604800
nsds5ReplicaBindDN: cn=replication manager,cn=config


4.- replagreement.ldid


dn: cn=replication_netscaperoot,cn=replica,cn="o=Netsc aperoot",cn=mapping tree,cn=config
changetype: add
objectclass: top
objectclass: nsds5replicationagreement
cn: replication_netscaperoot
nsds5replicahost: SECONDARY LDAP SERVER HOSTNAME
nsds5replicaport: 389
nsds5ReplicaBindDN: cn=replication manager
nsds5replicabindmethod: SIMPLE
nsds5replicaroot: o=Netscaperoot
description: replication netscaperoot
nsds5replicacredentials: ENCRYPTEDPASSWORD
nsds5BeginReplicaRefresh: start


Then, I ran: /usr/sbin/setup-ds-admin.pl -s -f file.inf*

It went without errors.

And then... I don't see any replica nor replica agreement.* Even the user "cn=replication manager,cn=config' doesn't appear in the console.*

So, I'm wondering if any of you has succeeded to configure a replication/failover of o=NetscapeRoot ?* If yes, I would be greatly appreciated if you could put your examples in real-life scenaro, it would help me alot.

Thank you very much!




--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Mister Anonyme wrote:

Hi,

I installed and configured many LDAP servers in a multi-master
environment. Work very well.


Now, I want to do a failover of the Configuration Directory Server
between two masters, just in case. I tried to follow the instructions
right here:


http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication-Replicating-ADS-for-Failover.html

It's just as clear as a mud...

I would really like to have an real-life scenario example to help me
because I'm struggling to configure it and it doesn't work at all.


For example, the step 1 instruct us to create a file.inf and 4 ldif files:

0.- file.inf

FullMachineName = MY FULL HOSTNAME
AdminDomain = MY DOMAIN NAME
SuiteSpotUserID = nobody
SuiteSpotGroup = nobody
ConfigDirectoryLdapURL = ldap://MY FULL HOSTNAME:389/o=NetscapeRoot
ConfigDirectoryAdminID = admin
ConfigDirectoryAdminPwd = MY PASSWORD

[admin]
ServerAdminID = admin
ServerAdminPwd = MY PASSWORD
SysUser = nobody
ServerIpAddress = MY SERVER IP ADDRESS
Port = 9830

[slapd]
InstallLdifFile = suggest
ServerIdentifier = MY SERVER HOSTNAME
ServerPort = 389
AddOrgEntries = Yes
RootDN = cn=Directory Manager
RootDNPwd = MY DS PASSWORD
SlapdConfigForMC = yes
Suffix = dc=EXAMPLE, dc=NET
UseExistingMC = 0
AddSampleEntries = Yes
ConfigFile = repluser.ldif
ConfigFile = changelog.ldif
ConfigFile = replica.ldif
ConfigFile = replagreement.ldif


1.- repluser.ldif
dn: cn=replication manager,cn=config
changetype: add
objectClass: inetorgperson
objectClass: person
objectClass: top
cn: replication manager
sn: RM
userPassword: MY ENCRYPTED PASSWORD
passwordExpirationTime: 20380119031407Z

2.- changelog.ldif

dn: cn=changelog5,cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
cn: changelog5
nsslapd-changelogdir: /var/lib/dirsrv/slapd-MYINSTANCE/changelogdb

3.- replica.ldif

dn: cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
changetype: add
objectclass: top
objectclass: nsds5replica
objectclass: extensibleObject
cn: replica
nsds5replicaroot: o=NetscapeRoot
nsds5replicaid: 1
nsds5replicatype: 3
nsds5flags: 1
nsds5ReplicaPurgeDelay: 604800
nsds5ReplicaBindDN: cn=replication manager,cn=config


4.- replagreement.ldid


dn:
cn=replication_netscaperoot,cn=replica,cn="o=Netsc aperoot",cn=mapping
tree,cn=config

changetype: add
objectclass: top
objectclass: nsds5replicationagreement
cn: replication_netscaperoot
nsds5replicahost: SECONDARY LDAP SERVER HOSTNAME
nsds5replicaport: 389
nsds5ReplicaBindDN: cn=replication manager
nsds5replicabindmethod: SIMPLE
nsds5replicaroot: o=Netscaperoot
description: replication netscaperoot
nsds5replicacredentials: ENCRYPTEDPASSWORD
nsds5BeginReplicaRefresh: start


Then, I ran: /usr/sbin/setup-ds-admin.pl -s -f file.inf


It went without errors.

Try setup-ds-admin.pl -ddd
Do you see those replica entries in
/etc/dirsrv/slapd-instancename/dse.ldif ?


And then... I don't see any replica nor replica agreement. Even the
user "cn=replication manager,cn=config' doesn't appear in the console.

So, I'm wondering if any of you has succeeded to configure a
replication/failover of o=NetscapeRoot ? If yes, I would be greatly
appreciated if you could put your examples in real-life scenaro, it
would help me alot.


Thank you very much!



------------------------------------------------------------------------
------------------------------------------------------------------------

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users



--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Rich Megginson wrote:

> Try setup-ds-admin.pl -ddd

Here you go:

<snip>
+Processing /usr/share/dirsrv/data/template-dse.ldif ...
+++check_and_add_entry: Entry not found cn=config error No such object
+Entry cn=config is added
+++check_and_add_entry: Entry not found cn=plugins, cn=config error No such object
+Entry cn=plugins, cn=config is added
[...]
</snip>

As you may see, cn=config doesn't exist but was added after ("is added").

Then, processing ldif that I created:

<snip>
+Processing repluser.ldif ...

+++check_and_add_entry: Entry not found cn=replication manager,cn=config error No such object


+Processing changelog.ldif ...

+++check_and_add_entry: Entry not found cn=changelog5,cn=config error No such object


+Processing replica.ldif ...

+++check_and_add_entry: Entry not found cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config error No such object


+Processing replagreement.ldif ...

+++check_and_add_entry: Entry not found
cn=replication_netscaperoot,cn=replica,cn="o=Netsc aperoot",cn=mapping
tree,cn=config error No such object
</snip>


Content of repluser.ldif:

<start>
dn: cn=replication manager,cn=config

changetype: add

objectClass: inetorgperson

objectClass: person

objectClass: top

cn: replication manager

sn: RM

userPassword: _PASSWORD_

passwordExpirationTime: 20380119031407Z
</end>


> Do you see those replica entries in
/etc/dirsrv/slapd-instancename/dse.ldif ?

No.

Thanks!

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Mister Anonyme wrote:

Rich Megginson wrote:

> Try setup-ds-admin.pl -ddd



Here you go:

<snip>
+Processing /usr/share/dirsrv/data/template-dse.ldif ...
+++check_and_add_entry: Entry not found cn=config error No such object
+Entry cn=config is added
+++check_and_add_entry: Entry not found cn=plugins, cn=config error No
such object

+Entry cn=plugins, cn=config is added
[...]
</snip>

As you may see, cn=config doesn't exist but was added after ("is added").

Then, processing ldif that I created:

<snip>
+Processing repluser.ldif ...
+++check_and_add_entry: Entry not found cn=replication
manager,cn=config error No such object


+Processing changelog.ldif ...
+++check_and_add_entry: Entry not found cn=changelog5,cn=config error
No such object


+Processing replica.ldif ...
+++check_and_add_entry: Entry not found
cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config error No such
object


+Processing replagreement.ldif ...
+++check_and_add_entry: Entry not found
cn=replication_netscaperoot,cn=replica,cn="o=Netsc aperoot",cn=mapping
tree,cn=config error No such object

</snip>


Content of repluser.ldif:
It could be that setup doesn't like the changetype: add in there - try
removing that.


<start>
dn: cn=replication manager,cn=config
changetype: add
objectClass: inetorgperson
objectClass: person
objectClass: top
cn: replication manager
sn: RM
userPassword: _PASSWORD_
passwordExpirationTime: 20380119031407Z
</end>


> Do you see those replica entries in
/etc/dirsrv/slapd-instancename/dse.ldif ?


No.

Thanks!
------------------------------------------------------------------------
------------------------------------------------------------------------

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users



--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users