[Freeipa-users] Replica not syncing 'memberOf' attributes
James Roman
james.roman at ssaihq.com
Thu Oct 7 14:56:29 UTC 2010
> Sorry about that, I now get:
>
> adding new entry cn=memberOf_fixup_2010_10_7_10_41_11, cn=memberOf
> task, cn=tasks, cn=config
> ldap_add: Insufficient access
>
> I have an admin Kerberos ticket and I know the password is correct
> because otherwise I get 'ldap_simple_bind: Invalid credentials'.
>
> Thanks,
>
> Dan
>
In FreeIPA v1 I'm almost positive you must run this script as
cn=directory manager. This is scheduling an administrative task on the
LDAP server, not actually running the task itself. Your admin account
only has rights to entities within the "cn=domain,cn=com" branch.
More information about the Freeipa-users
mailing list