Document URL: https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/configuring_replication_partners_to_use_certificate-based_authentication

Section Number and Name: 5. Create a replication agreement on both servers that use certificate-based authentication:

Describe the issue: The documented command to create the replication agreement is failing with the following message:

######
Error: You need to set the bind dn (--bind-dn) and the password (--bind-passwd) for bind method (sslclientauth)
######

Suggestions for improvement: The customer had to add the missing parameters to make the command work. Please update the commands in the RHDS documentation.

Additional information:
https://pagure.io/389-ds-base/blob/389-ds-base-1.4.2/f/src/lib389/lib389/cli_conf/replication.py#_691
====================================================================
# We do need the bind dn and credentials for none-sasl bind methods
if (bind_method in ('simple', 'sslclientauth')) and (args.bind_dn is None or args.bind_passwd is None):
    raise ValueError("You need to set the bind dn (--bind-dn) and the password (--bind-passwd) for bind method ({})".format(bind_method))
====================================================================
*** Bug 1885547 has been marked as a duplicate of this bug. ***
Upstream ticket: https://github.com/389ds/389-ds-base/issues/4412
Looks good to me! Thank you!
Build tested:
389-ds-base-1.4.3.22-1.module+el8dsrv+10501+8ce33e95.x86_64
389-ds-base-debuginfo-1.4.3.22-1.module+el8dsrv+10501+8ce33e95.x86_64
389-ds-base-libs-1.4.3.22-1.module+el8dsrv+10501+8ce33e95.x86_64

STEPS:
1.) Setup 2 DS instances
2.) Configured replication as outlined in the documentation:
    SECTION: 15.5. CONFIGURING REPLICATION PARTNERS TO USE CERTIFICATE-BASED AUTHENTICATION
3.) Verified that the step that had an invalid command now succeeds with the correct instructions

    dsconf -D "cn=Directory Manager" <instance_1> repl-agmt create --suffix=<suffix 1>. --host=<host1> --port=636 --conn-protocol=LDAPS --bind-dn="cn=Replication Manager,cn=config" --bind-passwd="password" --bind-method=SIMPLE --init temporary_agreement

4.) Verify command succeeds:

    Successfully created replication agreement "temporary_agreement"

marking as VERIFIED
Build tested:
389-ds-base-1.4.3.22-1.module+el8dsrv+10501+8ce33e95.x86_64
389-ds-base-debuginfo-1.4.3.22-1.module+el8dsrv+10501+8ce33e95.x86_64
389-ds-base-libs-1.4.3.22-1.module+el8dsrv+10501+8ce33e95.x86_64

STEPS:
1.) Setup 2 DS instances
2.) Configured replication as outlined in the documentation:
    SECTION: 15.5. CONFIGURING REPLICATION PARTNERS TO USE CERTIFICATE-BASED AUTHENTICATION
3.) Verified that the step that had an invalid command now succeeds with the correct instructions

    dsconf -D "cn=Directory Manager" <instance_1> repl-agmt create --suffix=<suffix 1>. --host=<host1> --port=636 --conn-protocol=LDAPS --bind-dn="cn=Replication Manager,cn=config" --bind-passwd="password" --bind-method=SIMPLE --init temporary_agreement

    dsconf -D "cn=Directory Manager" <instance1> repl-agmt create --suffix="dc=<suffix>" --host="<hostname>" --port=1636 --conn-protocol=LDAPS --bind-method="SSLCLIENTAUTH" --init example_agreement

    Successfully created replication agreement "example_agreement"
    Agreement initialization started...

4.) Verify command succeeds:

marking as VERIFIED
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (redhat-ds:11 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2021:2038