logs archiveBotHelp.net / Freenode / #389 / 2015 / September / 25 / 2
kevev
OK
bowhunter
I have used 389-ds exclusively from Linux
I would suggest running the console in compatability mode
kevev
OK will try
Another issue..
bowhunter
Perhaps run it as Windows Vista and see if that helps
ok
kevev
I would like to when adding a user via the console have some additional attributes added to the entry automatically. Is that something in the schema I would need to change?
Vista!!! *barf
bowhunter I found something in the log after replication1
!
On the consumer
nsmmreplicationPlugin - replica_reload_ruv: Warning: new data for replica dc=ldap,dc=local does not match the data in the changelog.
Recreating the changelog file. This could affect replication with replica's consumers in which case the consumer should be reinitialized.
hmmm....Maybe I should reinitialize the consumer?
bowhunter
ah
this is good info
kevev
:D
What would be the next best step?
bowhunter
Personally, I would delete the replication agreements and remake them from scratch so you have a fresh changelog also
kevev
Do errors on node2 which I pushed from.
bowhunter
So you're not di*king around with whether or not the changelog is happy
THat's just me though
kevev
OK
Do I need to delete on both?
bowhunter
I'd remove both replication agreements
kevev
OK
bowhunter
and remake both
also
kevev
Then initilize node1(problem child) from node2?
bowhunter
I set the max changelog size to unlimited, and the max age to 7 days
richm
kevev: http://www.port389.org/docs/389ds/howto/howto-default-console-object-objectclass.html
bowhunter
yes, then initialize one agreement, and then the other
kevev
OK I did 365 days. oops
Actually we need to stay @ 365 days for regulation reasons.
bowhunter: I created replication Agreement on node 2 and initialized node1. Node 1 had the same error about changelog.
Is that OK?
bowhunter
did you delete both replication agreements before you did that?
kevev
Yes
I only have the one new agreement on node 2.
bowhunter
gotcha
kevev
So OK?
Or not OK?
bowhunter
One more thing - do you have the replication DN created on both systems?
I assume so
kevev
uhh
bowhunter
That is to say - the "account" which replication uses to talk to the other servers
kevev
Oh yes. Same user and pass.
bowhunter
for example, I typically use "cn=replication manager,cn=config"
kevev
Yes
bowhunter
ok
and do you select "always keep directories in sync"
whe creating the agreements
kevev
Actually it is uid=RepManager,o=NetscapeRoot
Yes always checked.
bowhunter
I thought the replication DN needs to be a part of cn=config
kevev
Should it be in cn=config?
bowhunter
But I'm not sure if that's required or not
I would defer to richm or mreynolds for that
kevev
bowhunter: everytime I initialize node1 from node2 I see the warning about the replica data not matching the change log. Is that an issue?
bowhunter
I think it would warrant investigation and resolution, yes
But I'm reaching the limits of my diagnostic abilities in this case
kevev
Would removing the changelog be a bad idea on node1?
bowhunter
mreynolds and richm know way more than I do - perhaps one of them will be able to give you a kick in the right direction today
kevev
bowhunter OK thank you.
Hi mreynolds richm. Would you guys be able to assist me with a replication issue?
mreynolds
kevev - replication manager should be under cn=config (not in a database). Also sounds like you did not initialize all your agreements
kevev: the errors log should tell you whats wrong when it tries to replicate a change. Have you tested that replication is working/not working?
kevev
It works.
One sec. I will move RepManager to cn=config
Is cn=config replicated usually?
mreynolds I can't move RepManager to cn=config. Error says "invalid password syntax" - passwords with sttorage scheme are not allowed"
Do I need to recreate instead of cut paste?
mreynolds
kevev: cn=config is not replicated. It needs to exist on each replica that receives replication updates
use ldapmodify to add the entry, and set the password. You should not copy and paste the hashed password either
kevev
mryenolds: Unable to acquire replica: error: permission denied
mreynolds:
That was after replicating with new uid=RepManager,cn=config
richm
kevev: on the replica, you need to change the allowed user to your new user dn, in the config for the replica
kevev
oh right!
THat worked.
CrunkOps
Hello, I have a really weird (to me, an ldap neophyte) sitiuation going on, and I'm looking for some guidance in troubleshooting. Is that a valid use of this channel?
richm
CrunkOps: are you using 389-ds as your LDAP server?
CrunkOps
@richm yes, we are
v 1.2.9.9
richm
wow, that's pretty old - any chance you could upgrade to 1.2.11.latest?
CrunkOps
I'm not sure if we're using centos packages, or if we're rolling our own
kevev
mreynolds richm: I have added some required attributes to the "user" defaultObjectClassesContainer but the y do not show up when creating a suer.
The attributes I added are: posixAccount posixgroup shadowaccount .
Do I need to restart something for this to take affecdt?
mreynolds
kevev: I'
kevev
aye?
as in yes?
:p
mreynolds
I'm assuming this is the console. I've never used this feature though
kevev
yes console.
nothing in error log :(
mreynolds
itwouldn't be
I need to look into it, not sure how it's exactly supposed to work
Its possible that it never worked, fyi
« prev 1 2 3 next »