[Freeipa-users] strange DS errors trying to tune...
Alexander Bokovoy
abokovoy at redhat.com
Tue Nov 11 20:00:35 UTC 2014
On Tue, 11 Nov 2014, Janelle wrote:
>In this case it is the exact password and it worked in the first line
>but not in the second.
>
>Now to make things even more strange -- I have 8 replicas -- and 3 of
>them show this problem, the others do not -- WOW..
cn=config subtree is not replicated in FreeIPA, thus if you have
different passwords for Directory Manager (they are stored in
cn=config), this must be a problem local to a replica, not a replication
issue.
Perhaps some script or a person changed the directory manager's
password?
For the record, the password is stored in nsslapd-rootpw attribute of
cn=config:
dn: cn=config
nsslapd-rootdn: cn=Directory Manager
nsslapd-rootpw: {SSHA}some-hash-value
You can check the content of /etc/dirsrv/slapd-INSTANCE/dse.ldif
directly. Do not change the file while directory server is running as
your changes will be overridden.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list