
LDAP Replication

 
Clemens van Everdingen
Honored Contributor

LDAP Replication

Hi,

I installed Netscape directory server 6.11 on HP-UX 11.i.

It works fine. Now I want to replicate one server to another one on a different server.
I need to enter an entry for the cn=replication manager.

For some reason I am not able to get this done.
The replication is still not working !

Does anybody have a detailed explanation, apart from the installation and admin guide?

I want to use it for single master replication.
How do I get this done @$#^&*@#( :))

Thanks in advance !

Clemens
The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !
23 Replies
Hemanth Gurunath Basrur
Honored Contributor

Re: LDAP Replication

Hello Clemens,

These documents should definitely be of use to you.

Refer to Netscape Directory Server Administrator's Guide for info on replication.

http://enterprise.netscape.com/docs/directory/61/ag/modify.htm#1128219

Netscape Directory Server 6.11 Release Notes for what has been fixed w.r.t replication in this release.

http://enterprise.netscape.com/docs/directory/611/ds611relnotes.html

Regards,
Hemanth
Hemanth Gurunath Basrur
Honored Contributor

Re: LDAP Replication

Hello Clemens,

Also go through the product brief Netscape Directory Server for HP-UX.

http://www.hp.com/products1/unix/operating/infolibrary/briefs/netscape_directory_server.pdf

Regards,
Hemanth
Clemens van Everdingen
Honored Contributor

Re: LDAP Replication

Hemanth,

These documents I have found already, but they do not state clearly the exact needed procedure to create the replication manager's entry in the directory server.

So I am still looking for more specific info.

Kind regards,
Clemens
The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !
Norman_21
Honored Contributor

Re: LDAP Replication

Clemens,

I have some manuals written by some guys from the Asia Pacific when I used to deal with them. Those configurations are customized to my old job but if you want I can post some of the steps and I'm sure it'll help. Are you running Netscape Suite Spot enterprise in WinNT and HP-UX?

Take care
"Attitudes are contagious, is yours worth catching"/ My first point was given by SEP on January 31, 2003
Clemens van Everdingen
Honored Contributor

Re: LDAP Replication

Xman,

I am using Directory server 6.11 only on HP-UX.
Please post some of the config steps.
Especially the ones regarding the replication part !
Till now I did not succeed in creating the replication manager entry.

Kind regards,
Clemens
The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !
Zeev Schultz
Honored Contributor

Re: LDAP Replication

It looks like a manual process. Though I remember creating replicas through the Netscape (iPlanet) GUI once upon a time (v ~ 4.1). Check this one also:

http://www.ldapguru.org/modules/newbb/viewtopic.php?topic_id=719&forum=6

On the other hand in the OpenLDAP updatedn and binddn (in slapd.conf) are used. I remember using many of OpenLDAP things with NS Ldap 4.1 but not sure how much they are the same :)

This is for OpenLDAP :
http://www.openldap.org/doc/admin21/replication.html
So computers don't think yet. At least not chess computers. - Seymour Cray
Clemens van Everdingen
Honored Contributor

Re: LDAP Replication

Zeev,

Found both the documents, but they do not give a detailed explanation on how to create the binddn cn=replication manager.

Kind regards,
Clemens
The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !
Norman_21
Honored Contributor

Re: LDAP Replication

Clemens,

I sure will when I get home. I hope it'll do it for you !

later........
"Attitudes are contagious, is yours worth catching"/ My first point was given by SEP on January 31, 2003
Clemens van Everdingen
Honored Contributor

Re: LDAP Replication

Xman,

Thanks in advance !

Clemens
The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !
Zeev Schultz
Honored Contributor

Re: LDAP Replication

Clemens,
Found some AOL, oops.. sorry, Netscape :) training slides on the Net where some template files, replica-master.ldif and replica-consumer.ldif, are mentioned. The URL:
http://people.netscape.com/richm/DS60Training/DS60Training.ppt

Nice paper, shows the differences between v.4 (which I used) and v.6 (new one).

How do you try to add cn=replication manager (under cn=config, I assume)? It should not be a part of the replicated database. Can you see it under: ldapsearch -s base -b cn=config "objectclass=*"?

Zeev
So computers don't think yet. At least not chess computers. - Seymour Cray
Clemens van Everdingen
Honored Contributor

Re: LDAP Replication

Zeev,

I need to know with what objectclass it should be created !

For now the above command is showing nothing at all !
The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !
Zeev Schultz
Honored Contributor

Re: LDAP Replication

Clemens,

OK, what is shown with
ldapsearch -b "cn=config" -D bindDN -w password
(put your defined BindDN, i.e. uid=User...)?
Is there an entry for replication manager already?

As far as I understood from the NS documentation, it should be an entry addition (like any other entry) under cn=config (which is used for LDAP configuration settings).
Maybe I'm missing something here?

P.S I also think it can be added to dse.ldif manually. LDAP loads this file on startup.
So computers don't think yet. At least not chess computers. - Seymour Cray
Clemens van Everdingen
Honored Contributor

Re: LDAP Replication

Zeev,

I tried this one:

/ldapsearch -b "dc=lpnl,dc=aalh" "cn=config" -D "cn=directory manager" -w -

Result:
nothing at all !
The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !
Zeev Schultz
Honored Contributor

Re: LDAP Replication

And what is in dse.ldif?
So computers don't think yet. At least not chess computers. - Seymour Cray
Clemens van Everdingen
Honored Contributor

Re: LDAP Replication

Zeev,

I will post this tomorrow morning from the office.
Thanks in advance for the help.

Clemens
The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !
Norman_21
Honored Contributor

Re: LDAP Replication

Clemens,

I believe the attached Training manual will do it!

Object Class is a rule that defines which attributes are mandatory and which are optional for a specific entry.

dn: uid=scarter, ou=People, o=Airius.com
cn: Sam Carter
sn: Carter
givenname: Sam
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
l: Sunnyvale
uid: scarter
mail: scarter@airius.com
telephonenumber: +1 408 555 4798
facsimiletelephonenumber: +1 408 555 9751
roomnumber: 4612
userpassword: sprain

look at page 14, it should give you a complete idea! The version is old though, it is Netscape SuiteSpot 3.6 Enterprise Servers.

Good luck
"Attitudes are contagious, is yours worth catching"/ My first point was given by SEP on January 31, 2003
Norman_21
Honored Contributor

Re: LDAP Replication

Oops,

Here is the correct manual
"Attitudes are contagious, is yours worth catching"/ My first point was given by SEP on January 31, 2003
Clemens van Everdingen
Honored Contributor

Re: LDAP Replication

Xman,

Thanks for the documents.
Too bad they are for the older version.
This is exactly the problem :) The older version is a bit different in replication configuration. So the docs do not explain it rightly. :(

Zeev,

I added an attachment with the dse.ldif file
The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !
Zeev Schultz
Honored Contributor

Re: LDAP Replication

Clemens,

dse.ldif looks OK. Netscape as usual didn't fix the ldapsearch command to be more interactive :(. I mean the syntax you used:

ldapsearch -b "dc=lpnl,dc=aalh" "cn=config" -D "cn=directory manager" -w -

should better be:
-b "cn=config" -D "cn=directory manager" -w

Anyway, you can see the cn=config in the dse.ldif. Now here are 2 ways to put an entry:

1) ldapmodify (see pages 57-58 of Administrator's guide)
2) directly into dse.ldif

Save a copy of dse.ldif first, find
dn: cn=uniqueid generator,cn=config
objectClass: top
objectClass: extensibleObject

and put:
dn: cn=Replication manager,cn=config
objectClass: top
objectClass: extensibleObject

As they say on page 297 of the Administrator's guide, there also should be password / expiration time entries. I guess these are better to set with ldapmodify -w (for password) and direct editing (for expiration).

After changing dse.ldif (either way - ldapmodify or editing) - reload the service. Check the logs that everything was OK. Check with ldapmodify (as I show above, with password etc.) that you can see the entry. Go on from there by the guide.
If the database doesn't come up for some reason, return the old dse.ldif.

Zeev
So computers don't think yet. At least not chess computers. - Seymour Cray
Zeev Schultz
Honored Contributor

Re: LDAP Replication

Clarification: in dse.ldif put the new entry after:

dn: cn=uniqueid generator,cn=config
objectClass: top
objectClass: extensibleObject
nsState:: AbId0jqJqACKk8y7AAATuQAAAAAAAAAA
cn: uniqueid generator
creatorsName: cn=server,cn=plugins,cn=config
modifiersName: cn=server,cn=plugins,cn=config
createTimestamp: 20030930111117Z
modifyTimestamp: 20030930165752Z

(including 1 blank line between each 2 entries).

P.S. NS doesn't recommend editing the dse.ldif directly, so probably the ldapmodify way can be tried first.

P.P.S. Read more about replicas, you should add cn=Replication Manager on the consumer, not the supplier!
So computers don't think yet. At least not chess computers. - Seymour Cray
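
The checks described in the two posts above for a hand-edited dse.ldif (one blank line between entries, plus the password and expiration settings the Administrator's Guide asks for), as an added example that is not part of the original thread and not Netscape's own tooling. The attribute names userPassword and passwordExpirationTime, the function names and the sample LDIF are assumptions constructed for illustration.

```python
# Added example: offline check of a hand-edited dse.ldif fragment.
# SAMPLE_DSE is constructed; it mirrors the entries quoted in the thread.
SAMPLE_DSE = """\
dn: cn=uniqueid generator,cn=config
objectClass: top
objectClass: extensibleObject
cn: uniqueid generator

dn: cn=Replication manager,cn=config
objectClass: top
objectClass: extensibleObject
"""

def parse_ldif(text):
    """Return entries as dicts of lowercased attribute -> list of values."""
    entries, current, last = [], {}, None
    for raw in text.splitlines():
        if not raw.strip():                 # blank line ends the current entry
            if current:
                entries.append(current)
            current, last = {}, None
        elif raw.startswith("#"):           # LDIF comment
            continue
        elif raw.startswith(" ") and last:  # folded continuation line
            current[last][-1] += raw[1:]
        else:
            attr, _, value = raw.partition(":")
            last = attr.strip().lower()
            # lstrip also drops the second colon of base64 "attr:: value"
            current.setdefault(last, []).append(value.lstrip(": ").strip())
    if current:
        entries.append(current)
    return entries

def check_replication_manager(text, dn="cn=replication manager,cn=config"):
    """List problems that would keep the bind entry from being usable."""
    problems = []
    entries = parse_ldif(text)
    for e in entries:
        # Two dn: lines in one entry means the separating blank line is missing.
        for extra in e.get("dn", [])[1:]:
            problems.append("missing blank line before dn: " + extra)
    match = [e for e in entries if e.get("dn", [""])[0].lower() == dn]
    if not match:
        return problems + ["no entry " + dn]
    # Assumed attribute names for the password and expiration settings.
    for attr in ("userpassword", "passwordexpirationtime"):
        if attr not in match[0]:
            problems.append("entry lacks " + attr)
    return problems

if __name__ == "__main__":
    print(check_replication_manager(SAMPLE_DSE))
```

Run against a saved copy of dse.ldif rather than the live file; an empty list means the entry is separated correctly and carries both settings.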
Clemens van Everdingen
Honored Contributor

Re: LDAP Replication

Zeev,

Sorry I did not respond earlier, but we had a long working week behind us, and did not find the time to go on with this.

I will respond later on with the results or even more questions.

Thanks,
Clemens
The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !
Clemens van Everdingen
Honored Contributor

Re: LDAP Replication

Hi,

Back again.
Today I finally managed to get the server replicated to a second one.
From here the third or even more should be no problem.

For all interested in the solution:

After some tests and exploring all the log files on the two servers, I found a line in the logfile on the second server which mentioned "insufficient system resources".

Before that I had already checked the syslog.log files and found no clue for any kernel limitation.
Then I used SCC (cfg2html) to check for differences on both systems, and found out that the kernel parm max_thread_proc was defined differently.

Although the main server was a clone from the second (replica server) the parm was lower than the main server.

So basically I solved two issues today.
Finally got the server replicated and found out there is more work to do on changing the kernel on the other server.

On the other hand there is still the issue with the replication manager entry.
I did not get the right entry till now, but I used the "cn=Directory Manager" entry for now.
So, next week more on this issue.
I will try to manage that as well.
If someone has a complete entry in ldif format for me that would be great.

Thanks so far.
Clemens
Points will follow

The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !
Clemens van Everdingen
Honored Contributor

Re: LDAP Replication

Hi,

I added the following to dse.ldif

dn: cn=Replication manager,cn=config
objectClass: top
objectClass: extensibleObject

What else do I have to add to get a working cn=replication manager ?

I have read almost every piece of documentation regarding replication, but did not find any specific example regarding this.

I am able to replicate, but with the wrong id (cn=directory manager)

So I still need some specifics about this.
Does anybody out there have more specific examples?

Kind regards,
Clemens
The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !