Replication of ACIs DS 6.1 to DS 5.2

Hello !

We have set up a DS6.1 and DS5.2 Server in a Multi Master replication topology.

It worked fine for some days.

Today I imported an ldif on the DS6.1 Server.

The ldif file consists of two acis concerning the Password Extended Operation:

dn: oid=1.3.6.1.4.1.4203.1.11.1,cn=features,cn=config
objectClass: top
objectClass: directoryServerFeature
oid: 1.3.6.1.4.1.4203.1.11.1
cn: Password Modify Extended Op Access Control
aci: (targetattr != "aci")
 (version 3.0; acl "Allow Password Change Extended Op to all auth users";
 allow( read , search, compare, proxy )
 (userdn = "ldap:///anyone");)
aci: (targetattr != "aci")(version 3.0;$
 acl "Allow PSLDT1 to use Password Change Extended Op";$
 allow( read, search, compare, proxy )$
 (groupdn = "ldap:///cn=PSLDT1,ou=groups,dc=hvb,dc=de");)$

After the import the DS5.2 stopped working.

The cn=config path is not replicated as far as I know.

So why does the DS5.2 Server have a problem?

To get the DS5.2 Server working again I disabled the Replication Agreement from DS6.1 to DS5.2 and we restarted the DS5.2 Server.

I read that we need to import the schema file 00ds6pwp.ldif on the DS5.2 Server.

But will this also solve our problem with the acis?

All objectclasses used in the ldif file should be known by the DS5.2 Server:

objectClass: top
objectClass: directoryServerFeature

How can I get the ldif file into the DS6 Server and start replication again without breaking the DS5.2 Server?

Best Regards,

Beate

[1647 byte] By [72716a] at [2007-11-27 10:48:44]
# 1

The 2nd ACI is dubious (but it could be a copy/paste error).

But this ACI has absolutely no impact on any replicated servers. As you mentioned cn=config tree is NOT replicated.

What were the signs that showed the 5.2 server stopped working? Was there any error in the logs?

Any error reported on the 6.1 instance?

Yes you need to import the 00ds6pwp.ldif file on the 5.2 server. This will allow replication to work properly between 6.1 and 5.2 (as 6.1 server does have a new password policy with new operational and configuration attributes that must be declared as such in 5.2).

Regards,

Ludovic.

ludovicpa at 2007-7-28 22:29:06
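A pre-import lint for the ACI values in an LDIF file, as an added example that is not part of the thread: it unfolds LDIF continuation lines and flags ACI values with a `$` outside quoted strings, unbalanced parentheses, or a shape other than target, version, acl name, permission and bind rule. Treating `$` as a pasted end-of-line marker is an assumption, the shape regex is a simplification of the ACI syntax, and the function names are hypothetical.

```python
import re
# Constructed sample modelled on the LDIF in the question; continuation lines
# are folded with one leading space and the second ACI keeps its "$" markers.
SAMPLE_LDIF = '''dn: oid=1.3.6.1.4.1.4203.1.11.1,cn=features,cn=config
aci: (targetattr != "aci")
 (version 3.0; acl "Allow Password Change Extended Op to all auth users";
 allow( read , search, compare, proxy )
 (userdn = "ldap:///anyone");)
aci: (targetattr != "aci")(version 3.0;$
 acl "Allow PSLDT1 to use Password Change Extended Op";$
 allow( read, search, compare, proxy )$
 (groupdn = "ldap:///cn=PSLDT1,ou=groups,dc=hvb,dc=de");)$
'''

# Simplified shape: (target)... (version 3.0; acl "name"; allow|deny (rights) bindrule;)
ACI_SHAPE = re.compile(
    r'(\([^()]*\)\s*)*'                              # zero or more targets
    r'\(\s*version\s+3\.0\s*;\s*acl\s+"[^"]*"\s*;'   # version and acl name
    r'\s*(allow|deny)\s*\([^()]*\)'                  # permission and rights
    r'.*;\s*\)', re.S)                               # bind rule(s), closed by ";)"

def unfold(ldif):
    """Join LDIF continuation lines (one leading space) onto the previous line."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def lint_aci(value):
    """Return the problems found in one unfolded ACI value (empty list = none)."""
    problems = []
    bare = re.sub(r'"[^"]*"', '""', value)  # drop quoted strings before counting
    if "$" in bare:
        problems.append("stray '$' outside quoted strings")
    if bare.count("(") != bare.count(")"):
        problems.append("unbalanced parentheses")
    if not ACI_SHAPE.fullmatch(value.strip()):
        problems.append("not of the form (target)(version 3.0; acl ...; allow|deny ...;)")
    return problems

def lint_ldif(ldif):  # one problem list per aci: attribute, in file order
    return [lint_aci(l[4:].strip()) for l in unfold(ldif) if l.lower().startswith("aci:")]

if __name__ == "__main__":
    for n, problems in enumerate(lint_ldif(SAMPLE_LDIF), 1):
        print(f"ACI #{n}:", "; ".join(problems) or "OK")
```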
# 2

Hello Ludovic,

thank you for your answer.

We copied the 00ds6pwp.ldif file to the 5.2 server and enabled replication from DS6 to DS5.2 again.

It is working and I could also import the aci.

Best Regards,

Beate

72716a at 2007-7-28 22:29:06
# 3

I know there is a lot of information to review in the 5.x->6.x migration guide, so for future reference, the instructions to copy 00ds6pwp.ldif are here:

http://docs.sun.com/app/docs/doc/820-0379/6nc4fc984?a=view

solaris1a at 2007-7-28 22:29:06
# 4

I am very confused with the whole DS5.2 to 6.1 migration process. I tried to start by migrating my consumers to 6.1 while my masters are still 5.2 and just do the migration step by step. I ran into a problem where the DSCC won't see my consumers as being "initialized" by the 5.2 Masters. However, insync and updating objects show that replication is indeed working.

I opened an incident and Sun said that replicating between 5.2 and 6.x servers is not supported and when you migrate, you need to migrate all of your ldaps at the same time.

My question is this, you actually have replication working from a DS5.2<->DS6.1?

cagarcia at 2007-7-28 22:29:06
# 5

Hi,

I am sorry that you received such an answer from Sun support, and clearly we still have a lot to do to educate the first level of support about our product.

Of course Replication between 5.2 and 6.x is fully supported.

What is not supported is DSCC managing Replication for Directory Server 5.2 instances, and in general DSCC is not able to view or manage DS 5.2 servers.

Regards,

Ludovic.

ludovicpa at 2007-7-28 22:29:06
# 6

Thanks. I am glad to know it can work. I do still have an open ticket, any suggestions on how I can get it escalated to someone who would be able to help? <sorry for taking over this thread, I can start a new one if you prefer.>

cagarcia at 2007-7-28 22:29:06
# 7

Ok

So in the case that was opened, the discussion was on the DSCC reporting replication status, not on replication itself. The statement that we do not support replication between 5.x and 6.x was never made in the case I worked on with this, just that it can't be reported in the DSCC, as we do not support management of 5.x servers in the DSCC.

I'm sorry you're not getting the answer you want with this.

The question was submitted internally to the directory interest lists for validation, and it was verified that we do not support managing/reporting replication status on 5.x servers from the DSCC.

aagrajaaga at 2007-7-28 22:29:06
# 8

Yes, it is getting confusing discussing with front line support. I completely understand that the DSCC does NOT manage ds5.2 instances. That was never my interest. I am trying to migrate from 5.2 to 6.1 and as part of that I am trying to upgrade consumers to 6.1 (managed by the DSCC) and have the DS5.2 masters replicate to them. I opened the ticket explaining this setup and so far the answer I got was that what I am doing is not supported. When I asked if it was supported if I only did it command-line without the use of the DSCC, it was also not supported. So, if you have worked on my case, I'd love to chat cause I am confused as to how I can get this working in a supported method.

cagarcia at 2007-7-28 22:29:06
# 9

Ok, I will check back with the front line engineering team and make sure you're back on track with getting help with this, sorry about the confusion, the issue is still getting crossed up with the DSCC question then, which we should be moving past at this point. I'll review the posts here and ask for current info, and set up a call to catch up.

aagrajaaga at 2007-7-28 22:29:06
# 10

Thanks!! Appreciate any help. I'll also have our Support Manager do whatever he can to help. I have sent screen shots of exactly what I have done and can send anything else you need. I guess they thought I was trying to manage the DS5.2 instance via the DSCC, which I didn't try to. I understand that you can't manage replication for a DS5.2 server as well, but the 6.1 instance is just a consumer, so there were no replication agreements to deal with. Look forward to hearing any new info, thanks again.

cagarcia at 2007-7-28 22:29:06