Sure, I've removed hostnames etc, I hope that doesn't make it more difficult
for you, I've checked the hostnames and they are definitely correct, the same
one used from primary to secondary ldapsearch command. Let me know if you want
me to do a better job at changing hostnames/dn and I'll send you better output.
dn: cn=replica,cn=dcxxxcn=mapping
tree,cn=config
objectClass: top
objectClass: nsds5Replica
cn: replica
nsDS5ReplicaRoot: dc=xxx
nsDS5Flags: 1
nsDS5ReplicaType: 3
nsDS5ReplicaId: 1
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsState:: AQAAAAAAAAD12F9pAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAA==
nsDS5ReplicaName: 50acb882-eaf111f0-93db926e-a19d18f8
nsds5ReplicaChangeCount: 58
nsds5replicareapactive: 0
dn: cn=replication,cn=replica,cn=xxx
Dcom,cn=mapping tree,cn=config
objectClass: top
objectClass: nsds5replicationagreement
cn: replication
nsDS5ReplicaRoot: dc=xxx
description: replication
nsDS5ReplicaHost: secondary.xxx
nsDS5ReplicaPort: 636
nsDS5ReplicaBindMethod: simple
nsDS5ReplicaTransportInfo: LDAPS
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaCredentials: xxx
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 19700101000000Z
nsds5replicaLastUpdateEnd: 19700101000000Z
nsds5replicaChangesSentSinceStartup:
nsds5replicaLastUpdateStatus: Error (-1) Problem connecting to replica - LDAP
error: Can't contact LDAP server (connection error)
nsds5replicaLastUpdateStatusJSON: {"state": "red", "ldap_rc": "-1", "ldap_rc_t
ext": "Can't contact LDAP server", "repl_rc": "16", "repl_rc_text": "connecti
on error", "date": "2026-01-08T17:12:39Z", "message": "Error (-1) Problem con
necting to replica - LDAP error: Can't contact LDAP server (connection error)
"}
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 20260106114602Z
nsds5replicaLastInitEnd: 19700101000000Z
nsds5replicaLastInitStatus: Error (-1) - LDAP error: Can't contact LDAP server
- no response received
nsds5replicaLastInitStatusJSON: {"state": "red", "ldap_rc": "-1", "ldap_rc_tex
t": "Can't contact LDAP server", "repl_rc": "255", "repl_rc_text": "no respon
se received", "conn_rc": "0", "conn_rc_text": "operation success", "date": "2
026-01-06T11:46:18Z", "message": "Error (-1) - LDAP error: Can't contact LDAP
server - no response received"}
________________________________
From: Mark Reynolds <[email protected]>
Sent: Thursday, January 8, 2026 1:29 PM
To: General discussion list for the 389 Directory server project.
<[email protected]>; William Brown <[email protected]>
Cc: Van Remoortere, Arnaud <[email protected]>
Subject: Re: [389-users] Re: replication via ldaps
On 1/8/26 6: 18 AM, Van Remoortere, Arnaud via 389-users wrote: Sure, doesn't
seem to have much in it, also including a screenshot of the GUI showing the
replication configured and enabled on the same server (primary): # replication,
config dn:
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside your organization.
ZjQcmQRYFpfptBannerEnd
On 1/8/26 6:18 AM, Van Remoortere, Arnaud via 389-users wrote:
Sure, doesn't seem to have much in it, also including a screenshot of the GUI
showing the replication configured and enabled on the same server (primary):
# replication, config
dn: cn=replication,cn=config
objectClass: top
objectClass: nsContainer
cn: replication
# replication manager, config
dn: cn=replication manager,cn=config
objectClass: top
objectClass: inetUser
objectClass: netscapeServer
objectClass: nsAccount
cn: replication manager
uid: replication manager
userPassword:: xxx
William wanted to see the replica config entry and the replica agreement from
cn=config. Here is an example:
cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: top
objectClass: nsds5Replica
...
and most importantly the agreement:
dn: cn=YOUR_AGREEMENT_NAME,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping
tree,cn=config
objectClass: top
objectClass: nsds5replicationagreement
...
Regards,
Mark
[cid:[email protected]]
________________________________
From: William Brown <[email protected]><mailto:[email protected]>
Sent: Wednesday, January 7, 2026 11:15 PM
To: [email protected]<mailto:[email protected]>
<[email protected]><mailto:[email protected]>
Cc: Van Remoortere, Arnaud <[email protected]><mailto:[email protected]>
Subject: Re: [389-users] replication via ldaps
On 7 Jan 2026, at 20: 13, Van Remoortere, Arnaud via 389-users <389-users@
lists. fedoraproject. org><mailto:389-users@ lists. fedoraproject. org> wrote:
Yes it succeeds, commands below (I've changed the real hostname and basedn in
this output). : On 6 Jan 2026, at 22: 06, Van Remoortere,
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside your organization.
ZjQcmQRYFpfptBannerEnd
On 7 Jan 2026, at 20:13, Van Remoortere, Arnaud via 389-users
<[email protected]><mailto:[email protected]>
wrote:
Yes it succeeds, commands below (I've changed the real hostname and basedn in
this output).:
On 6 Jan 2026, at 22:06, Van Remoortere, Arnaud via 389-users
<[email protected]><mailto:[email protected]>
wrote:
Hi, I'm following the instructions to setup replication in CHAPTER 2.
CONFIGURING SINGLE-SUPPLIER
REPLICATION<https://urldefense.com/v3/__https://docs.redhat.com/en-us/documentation/red_hat_directory_server/12/pdf/configuring_and_managing_replication/Red_Hat_Directory_Server-12-Configuring_and_managing_replication-en-US.pdf__;!!GjvTz_vk!Vddz04F0k5drd2N8KkmbVo04ktCMdXM89Mv4L67yn9w-hCFiourlbm-YP8ZtOtRKDq8ixOuxhmi4MQ$>
USING THE WEB
CONSOLE<https://urldefense.com/v3/__https://docs.redhat.com/en-us/documentation/red_hat_directory_server/12/pdf/configuring_and_managing_replication/Red_Hat_Directory_Server-12-Configuring_and_managing_replication-en-US.pdf__;!!GjvTz_vk!Vddz04F0k5drd2N8KkmbVo04ktCMdXM89Mv4L67yn9w-hCFiourlbm-YP8ZtOtRKDq8ixOuxhmi4MQ$>
I get a "Error (-1) - LDAP error: Can't contact LDAP server - no response
received " in the GUI
The logs on supplier say this:
[06/Jan/2026:11:47:51.180037306 +0000] - ERR - slapi_ldap_bind - Could not send
bind request for id [cn=replication manager,cn=config] authentication mechanism
[SIMPLE]: error -1 (Can't contact LDAP server), system error -5987 (Invalid
function argument.), network error 0 (Unknown error, host
"second.xxx.com:636<https://urldefense.com/v3/__http://second.xxx.com:636/__;!!GjvTz_vk!Vddz04F0k5drd2N8KkmbVo04ktCMdXM89Mv4L67yn9w-hCFiourlbm-YP8ZtOtRKDq8ixOt3DQU9CA$>")
Can you show us the replication configuration from cn=config in that case? My
guess is the URL is wrong in the config.
--
Sincerely,
William Brown
Senior Software Engineer,
Identity and Access Management
SUSE Labs, Australia
--
Identity Management Development Team
--
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
