Please take our Survey
logo       
<prev   next>

Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...

Fedora DS 1.0.2 Multiple Master SSL replication: empty bind DN...: msg#00189

linux.redhat.fedora.directory.user

Subject: Fedora DS 1.0.2 Multiple Master SSL replication: empty bind DN...

This is a multi-part message in MIME format.

Dear List Members,

 

Release: fedora-ds-1.0.2-1.RHEL3.i386.opt.rpm

 

A typical replication error log entry now follows (seen repeatedly at both fedora DS servers):

 

[28/Jun/2006:18:29:21 +0100] NSMMReplicationPlugin - agmt="cn=EDS from server 2" (ukstatlap:636): Unable to acquire replica: permission denied. The bind dn "" does not have permission to supply replication updates to the replica. Will retry later.

 

 

 

Believe me, I have been investigating this one for 2 or 3 days now (having just switched from OpenLDAP, since multiple master replication is required) before sending this submission, just in case I missed a configuration item or work-around, but unfortunately no luck (so far).

 

 

The only reference I can find for SSL Client Authentication based Multiple Master replication (2 Linux RHEL 3 servers being used) that supplies empty DNs, is the Windows specific entry (whose work-around I tried anyway, but without success)…

 

Unable to acquire replica: permission denied. The bind dn "" does not have permission to supply replication updates to the replica. Will retry later.
To workaround the problem, after you modify and save the replication schedule of an agreement, refresh the console, reconfigure the connection settings (to SSL client authentication) for the agreement, and save your changes.

http://www.redhat.com/docs/manuals/dir-server/release-notes/ds611relnotes.html

 

The mutual “Current Supplier DNs” are indeed set (cn=Replication Manager,cn=replication,cn=config) and the corresponding directory entries do exist.

 

The respective server certificates and CA certificates are installed, with Subject DN entries loaded.

 

I do not have Legacy Consumer enabled.

 

CertMapping is also defined (though with a NULL DN being supplied, I guess that will not be kicking in just yet, though there are entries for the exact subject DN anyway.)

 

 

When using simple authentication, with or without SSL, all is well (although replication did require both servers to Initialize the Consumer, I thought that only one was required e.g. ID 1 initializing ID 2, but ID 2 then needed to initialize ID 1 before successful 2-way replication was achieved).

 

 

Any suggestions will be most gratefully received!

 

Regards,

Kevin

 
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: apache win32, Mickael Besse
Next by Date:  Re: apache win32, Graham Leggett
Previous by Thread:  apache win32, Mickael Besse
Next by Thread:  Re: Fedora DS 1.0.2 Multiple Master SSL replication: empty bind DN..., Richard Megginson
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
Recently Viewed:
qplus.devel/200...    network.jabber....    debian.qa-packa...    encryption.gpg....    python.dabo.dev...    uclinux.devel/2...    science.mathema...    recreation.pesc...    kernel.ck/2004-...    mozilla.devel.e...    tex.latex.prosp...    ietf.multi6/200...    bbc.cvs/2002-11...    xfree86.newbie/...    jakarta.taglibs...    altlinux.hardwa...    comedi/2002-05/...    horde.bugs/2004...    games.diplomacy...    finance.e-gold....    web.dom.test-su...    lang.ruby.rails...    os.netbsd.devel...    video.gstreamer...   
Home | advertise | OSDir is an inevitable website. super tiny logo

Free Magazines

Cisco News
Receive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business.
subscribe

Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe

The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business.
subscribe

Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe

Total Telecom Total Telecom is "The Economist of the communications industry".
subscribe

Navigation