[Freeipa-users] dirsrv password incorrect on replicas?

Rich Megginson rmeggins at redhat.com
Thu Dec 18 18:28:52 UTC 2014


On 12/18/2014 09:49 AM, Janelle wrote:
> Good morning/evening All,
>
> So, another strange thing I see with 4.1.2 running on FC21 (server).  
> On some replicas if I attempt to modify the 389-ds backend, I get 
> credential errors.  Even ldapsearch fails - which has me baffled.  I am 
> trying to tune the servers but this has me confused as to what might 
> cause something like this and where to start looking for a solution?
>
> Here is the interesting part - when the server was initially 
> replicated, I was able to make changes to 389-ds, but after a few 
> days, credentials now show errors:
>
> ldapsearch -x -LLL -D "cn=directory manager"  -b "cn=monitor" 
> "(objectclass=*)" -W
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)

This doesn't make any sense.  Directory manager passwords are not 
replicated, they are local to each machine.  Directory manager passwords 
do not expire, and the error message is definitely "incorrect password" 
not "password expired".  There are no internal processes that touch 
directory manager or its password (unless there is something in ipa but 
I doubt it).  So I have no idea how "all of a sudden" directory manager 
password stops working.

You can't recover it, you can only reset it.
http://www.port389.org/docs/389ds/howto/howto-resetdirmgrpassword.html

>
> Thoughts?
> ~J
>
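
Because the Directory Manager password is local to each replica, one way to diagnose the bind failure is to check, on the affected machine itself, whether the password being typed matches the hash that server has stored. The sketch below is an added example, not part of the original message and not 389-ds code. It assumes the hash is in the `nsslapd-rootpw` attribute of the instance's `dse.ldif` and uses a salted SHA scheme ({SSHA}, {SSHA256} or {SSHA512}); the sample LDIF and passwords are constructed.

```python
import base64, hashlib, hmac, re

# Salted schemes handled here: name -> (hashlib algorithm, digest length).
SCHEMES = {"SSHA": ("sha1", 20), "SSHA256": ("sha256", 32), "SSHA512": ("sha512", 64)}

def rootpw_from_dse(ldif_text):
    """Return the stored nsslapd-rootpw value from dse.ldif text."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # LDIF folds long lines with "\n "
    for line in unfolded.splitlines():
        # Requires ':' right after the name, so nsslapd-rootpwstoragescheme is skipped.
        m = re.match(r"(?i)nsslapd-rootpw(::?)\s*(.*)$", line)
        if m:
            value = m.group(2).strip()
            # "::" marks a base64-encoded LDIF value.
            return base64.b64decode(value).decode() if m.group(1) == "::" else value
    raise ValueError("nsslapd-rootpw not found")

def password_matches(stored, candidate):
    """True if candidate hashes to the stored {SCHEME}base64(digest + salt) value."""
    m = re.match(r"\{([A-Za-z0-9_-]+)\}(.+)$", stored)
    if not m or m.group(1).upper() not in SCHEMES:
        raise ValueError("unsupported or missing storage scheme")
    algo, dlen = SCHEMES[m.group(1).upper()]
    raw = base64.b64decode(m.group(2))
    digest, salt = raw[:dlen], raw[dlen:]
    calc = hashlib.new(algo, candidate.encode() + salt).digest()
    return hmac.compare_digest(calc, digest)

def make_ssha(password, salt):
    """Build a constructed {SSHA} value for the sample below."""
    blob = hashlib.sha1(password.encode() + salt).digest() + salt
    return "{SSHA}" + base64.b64encode(blob).decode()

# Constructed sample, not taken from any real server; the hash line is folded.
SAMPLE_HASH = make_ssha("constructed-pass-1", b"saltsalt")
SAMPLE_DSE = (
    "dn: cn=config\n"
    "nsslapd-rootdn: cn=Directory Manager\n"
    "nsslapd-rootpwstoragescheme: SSHA\n"
    "nsslapd-rootpw: " + SAMPLE_HASH[:20] + "\n " + SAMPLE_HASH[20:] + "\n"
)

if __name__ == "__main__":
    stored = rootpw_from_dse(SAMPLE_DSE)
    for guess in ("constructed-pass-1", "constructed-pass-2"):
        print(guess, "->", password_matches(stored, guess))
```

On a real replica the input would be the instance's own `dse.ldif` (typically `/etc/dirsrv/slapd-INSTANCE/dse.ldif`, with INSTANCE as a placeholder), read as root; a mismatch there means the stored hash on that machine differs from what is expected, and a reset is the fix.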



