I am trying to configure Peer-to-Peer replication for IBM Directory Server V6.4 on RHEL 9.5 from the command line, and as far as I can tell, the documentation is missing some information. I'm using the ldapreplcfg command (https://www.ibm.com/docs/en/sdse/6.4.0?topic=SSVJJU_6.4.0/com.ibm.IBMDS.doc_6.4/ds_ag_srv_adm_repl_topology_config_tool.htm), and it creates some entries, but replication doesn't work. Details:

I have two LDAP servers: fplvm1t and fplvm1p (fpl=Frank's Personal Lab). Here's the command I'm using to try to configure replication:

/opt/IBM/ldap/V6.4/bin/ldapreplcfg -s dc=gulfsoft,dc=com -topo PP -h1 vm1t -h2 vm1p -p1 389 -p2 389 -D1 cn=root -D2 cn=root -w1 passw0rd1 -w2 passw0rd1

That command successfully creates the following entries under dc=gulfsoft,dc=com in the DIT on both servers:

cn=creds1193316171

ibm-replicaGroup=default

• cn=fplvm1p:389
  • cn=fplvm1t:389
• cn-fplvm1t:389
  • cn=fplvm1p:389

That all seems good, except the cn=creds1193316171 entry has these values:

replicaBindDN: cn=fplvm1t
replicaCredentials: fplvm1t

Looking in ibmslapd.log on fplvm1p (similar on fplvm1t), I see this error:

2025-07-17T08:44:40.189027-4:00  GLPRPL036E Error 'simple bind: Invalid credentials' occurred for replica 'CN=FPLVM1T:389,CN=FPLVM1P:389,IBM-REPLICAGROUP=DEFAULT,DC=GULFSOFT,DC=COM': bind failed using masterDn 'cn=fplvm1t'.

Seeing this, I changed the replicaBundDN to cn=root and set the replicaCredentials to passw0rd1 (the admin userid and password). Now I see this message in ibmslapd.log on fplvm1p (similar on fplvm1t), which I thought was a good thing:

2025-07-17T08:58:01.002221-4:00 GLPRPL029I Established connection for replica 'CN=FPLVM1T:389,CN=FPLVM1P:389,IBM-REPLICAGROUP=DEFAULT,DC=GULFSOFT,DC=COM' on host 'fplvm1t' port 389.

However, no replication is actually performed. Also, following these docs, I ran this command:

/opt/IBM/ldap/V6.4/bin/idsldapsearch -h localhost -p 389 -b "dc=gulfsoft,dc=com" -s "sub" "objectclass=ibm-replicationAgreement" ibm-replicationState

And it shows me that the ibm-replicationState=binding, when I would think it should show "Ready".

So that's where I am. Any pointers?

Frank

------------------------------
Frank Tate
Gulfsoft Consulting
https://www.gulfsoft.com
AIOps Experts. Contact us for implementation help.
------------------------------

I am trying to configure Peer-to-Peer replication for IBM Directory Server V6.4 on RHEL 9.5 from the command line, and as far as I can tell, the documentation is missing some information. I'm using the ldapreplcfg command (https://www.ibm.com/docs/en/sdse/6.4.0?topic=SSVJJU_6.4.0/com.ibm.IBMDS.doc_6.4/ds_ag_srv_adm_repl_topology_config_tool.htm), and it creates some entries, but replication doesn't work. Details:

I have two LDAP servers: fplvm1t and fplvm1p (fpl=Frank's Personal Lab). Here's the command I'm using to try to configure replication:

/opt/IBM/ldap/V6.4/bin/ldapreplcfg -s dc=gulfsoft,dc=com -topo PP -h1 fplvm1t -h2 fplvm1p -p1 389 -p2 389 -D1 cn=root -D2 cn=root -w1 passw0rd1 -w2 passw0rd1

That command successfully creates the following entries under dc=gulfsoft,dc=com in the DIT on both servers:

cn=creds1193316171

ibm-replicaGroup=default

• cn=fplvm1p:389
  • cn=fplvm1t:389
• cn-fplvm1t:389
  • cn=fplvm1p:389

That all seems good, except the cn=creds1193316171 entry has these values:

replicaBindDN: cn=fplvm1t
replicaCredentials: fplvm1t

Looking in ibmslapd.log on fplvm1p (similar on fplvm1t), I see this error:

2025-07-17T08:44:40.189027-4:00  GLPRPL036E Error 'simple bind: Invalid credentials' occurred for replica 'CN=FPLVM1T:389,CN=FPLVM1P:389,IBM-REPLICAGROUP=DEFAULT,DC=GULFSOFT,DC=COM': bind failed using masterDn 'cn=fplvm1t'.

Seeing this, I changed the replicaBundDN to cn=root and set the replicaCredentials to passw0rd1 (the admin userid and password). Now I see this message in ibmslapd.log on fplvm1p (similar on fplvm1t), which I thought was a good thing:

2025-07-17T08:58:01.002221-4:00 GLPRPL029I Established connection for replica 'CN=FPLVM1T:389,CN=FPLVM1P:389,IBM-REPLICAGROUP=DEFAULT,DC=GULFSOFT,DC=COM' on host 'fplvm1t' port 389.

However, no replication is actually performed. Also, following these docs, I ran this command:

/opt/IBM/ldap/V6.4/bin/idsldapsearch -h localhost -p 389 -b "dc=gulfsoft,dc=com" -s "sub" "objectclass=ibm-replicationAgreement" ibm-replicationState

And it shows me that the ibm-replicationState=binding, when I would think it should show "Ready".

So that's where I am. Any pointers?

Frank

------------------------------
Frank Tate
Gulfsoft Consulting
https://www.gulfsoft.com
AIOps Experts. Contact us for implementation help.
------------------------------