SUMMARY: Netscape/iplanet LDAP replication help

From: Hoff_D
Date: Mon Mar 18 2002 - 13:38:19 EST
I received two responses to this query.  It's unfortunate that sun/iplanet's
documentation isn't more clear.

> From: Lee Trujillo
Hey Dustin.

First off, you can remove the uid=RManager; the replication function
requires a pseudo or non-active user much like cn=Directory Manager.
Remove the ACI; the Replication user will not need this.

1) On the consumer (replica) where you specify the bind user for
put in something like "cn=Replication Manager"...again this is a "special"
system user that is not located in either your o=replicate_tree or

2) Set up the Change log using the Defaults on the Master.

3) Set up your replication agreement using the cn=Replication Manager special
user and password you added on the Consumer.

4) Initialize your replication agreement.  If there are more than a few
users, and you have a slow network you may want to have the Replication
Agreement Wizard save an Initialization LDIF File.  This way you can ftp it
the Consumer, import that ldif file, after which you would go back to the
and the Replication Agreement and "synchronize" the two.  This gets any
made since you imported the initialization ldif file.

Make sense?



> From: John Birtley [] 
Try doing the bind as Directory Manager, see how you get on with that.

Also, try binding using the command line utilities:

	cd /usr/netscape/server4/shared/bin
	./ldapsearch -h CONSUMER -p 389 -b o=tree_to_replicate -D "cn=RManager" -w PASS -v "cn=*"

See if that allows you to bind.

The version thing should not give you any problems - LDAP is a standard

> -----Original Message-----
> From:
> []On Behalf Of Hoff_D
> Sent: 07 March 2002 16:37
> To: ''
> Subject: Netscape/iplanet LDAP replication help
> Hello,
> I have a 4.15 supplier and 4.16 consumer but I cannot get replication
> working.  I have followed the admin guides and what online info I have found
> and here is what I have done:
> 1. created user "uid=RManager, ou=administrators, ou=topologymanagement,
> o=netscaperoot" on consumer
> 2. created aci to allow uid=rmanager full access to o=tree_to_replicate
> 3. specified rmanager info and password in consumer replication config
> 4. created new SIR agreement on supplier using o=tree_to_replicate, c=us and
> uid=rmanager, ou=adminstrators...
> It finally starts to initialize the consumer, and then finishes a few
> minutes later with only
> "online replica creation: repl_bind to server:389 failed.  Aborting"
> The access logs on the consumer show that the supplier was able to bind to
> the tree using the rmanager user, and I don't see anything indicating a
> problem.
> I'm sure this is an easy problem to resolve, but I'm new to ldap and haven't
> been able to find a good source of information to help work through this.
> Any insight would be greatly appreciated!
> Dustin
sunmanagers mailing list
Received on Tue Mar 19 12:42:17 2002
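
Added example, not part of the original thread and not Netscape/iPlanet code: the question above relies on the consumer's access log to judge whether the supplier's bind worked, so this script pairs each BIND line with its RESULT line and reports which DN got which LDAP result code. The log layout, the sample lines, the addresses and the function name audit_binds are constructed assumptions.

```python
import re

# Constructed sample lines; the layout is an assumed Netscape/iPlanet-style
# access log (conn/op pair, BIND dn="...", RESULT err=N).
SAMPLE_LOG = """\
[07/Mar/2002:16:20:01 -0500] conn=41 fd=34 slot=34 connection from 192.0.2.10 to 192.0.2.20
[07/Mar/2002:16:20:01 -0500] conn=41 op=0 BIND dn="uid=RManager, ou=administrators, ou=topologymanagement, o=netscaperoot" method=128 version=3
[07/Mar/2002:16:20:01 -0500] conn=41 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[07/Mar/2002:16:25:13 -0500] conn=42 op=0 BIND dn="cn=Replication Manager" method=128 version=3
[07/Mar/2002:16:25:13 -0500] conn=42 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[07/Mar/2002:16:26:40 -0500] conn=43 op=0 BIND dn="" method=128 version=3
[07/Mar/2002:16:26:40 -0500] conn=43 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[07/Mar/2002:16:27:02 -0500] conn=44 op=0 BIND dn="cn=Replication Manager" method=128 version=3
"""

BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT err=(\d+)')

# LDAP result codes from RFC 4511 that commonly explain a failed bind.
LDAP_ERR = {0: "success", 32: "noSuchObject", 48: "inappropriateAuthentication",
            49: "invalidCredentials", 50: "insufficientAccessRights",
            53: "unwillingToPerform"}


def audit_binds(log_text):
    """Pair each BIND with its RESULT; return (dn, err, status) tuples."""
    pending, report = {}, []
    for line in log_text.splitlines():
        bind = BIND_RE.search(line)
        if bind:
            pending[bind.group(1, 2)] = bind.group(3)
            continue
        res = RESULT_RE.search(line)
        if res and res.group(1, 2) in pending:
            dn = pending.pop(res.group(1, 2))
            err = int(res.group(3))
            # err=0 with an empty DN is an anonymous bind, not proof that
            # the replication identity authenticated.
            anonymous = err == 0 and not dn
            status = "anonymous bind" if anonymous else LDAP_ERR.get(err, "err=%d" % err)
            report.append((dn, err, status))
    # BIND lines for which the log holds no matching RESULT line.
    report.extend((dn, None, "no RESULT logged") for dn in pending.values())
    return report


if __name__ == "__main__":
    for dn, err, status in audit_binds(SAMPLE_LOG):
        print("%-75r %-5s %s" % (dn, err, status))
```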
