[Freeipa-users] Directory Manager Password Change

Florence Blanc-Renaud flo at redhat.com
Mon Dec 5 13:08:52 UTC 2016


On 12/05/2016 01:05 PM, Callum Guy wrote:
> Hi All,
>
> I have been testing FreeIPA and now plan to migrate to production use -
> thanks for creating such a great application!
>
> During the test phase we have been using simple passwords for the admin
> and directory manager users however we need these changed before moving
> into production. I believe we can change the admin password using the
> web interface however as I understand it amending the directory manager
> password is not so straightforward.
>
> I have found this
> link https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password however
> I am unsure if this is the correct procedure for our installation -
> certainly I am having no luck so far.
>
> We have the following setup:
>
> FreeIPA 4.2.0 - single master server (no replicas), multiple clients
> CentOS 7.2
>
> I have tried the following steps in order:
>
> http://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpassword.html
> followed by
> https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password
>
> After completing that I am no longer able to authenticate user logins.
> The below covers my current situation:
>
> This works:
> ldapsearch -x -D "cn=directory manager" -w NEWPASSWORD -s base -b ""
> "objectclass=*"
>
> This does not work:
> ldapsearch -x -D "cn=directory manager" -w OLDPASSWORD -s base -b ""
> "objectclass=*"
>
> This works:
> ldapsearch -h localhost -ZZ -p 389 -x -D "uid=admin,ou=people,o=ipaca"
> -W -b "" -s base
> OLDPASSWORD
>
> This does not work:
> ldapsearch -h localhost -ZZ -p 389 -x -D "uid=admin,ou=people,o=ipaca"
> -W -b "" -s base
> NEWPASSWORD
>
Hi,

Your commands show that the Directory Manager password was properly
modified, but not admin's password. Did you run step 3, "Updating PKI
admin password", of the procedure [1]?

ldappasswd -h localhost -ZZ -p $CA_PORT -x -D "cn=Directory Manager" -W -T /root/dm_password "uid=admin,ou=people,o=ipaca"

Flo.

[1] 
https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password#3._Update_PKI_admin_password

> So I'm in a mixed up state! Is anyone able to offer advice on resolving
> this issue?
>
> Thank you,
>
> Callum
>

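An added example, not part of the original thread or of the FreeIPA procedure: a small shell check that reports which password the Directory Manager and the PKI admin entry (uid=admin,ou=people,o=ipaca) each accept, so the mixed state diagnosed above is visible in one run. The function names, the LDAP_URI default and the old-password file path are assumptions; passwords are read from files with -y rather than passed with -w on the command line.

```shell
#!/bin/sh
# Added example: report which password each account accepts after a
# Directory Manager password change on a FreeIPA master.
# Assumption: LDAP is reachable at ldap://localhost:389 with StartTLS.
LDAP_URI="${LDAP_URI:-ldap://localhost:389}"
DM_DN="cn=Directory Manager"
PKI_DN="uid=admin,ou=people,o=ipaca"

# bind_ok DN PASSFILE -> exit 0 if a simple bind succeeds.
# -y reads the password from a file, keeping it out of argv and shell
# history (the file must not end with a newline).
bind_ok() {
    ldapwhoami -x -ZZ -H "$LDAP_URI" -D "$1" -y "$2" >/dev/null 2>&1
}

# which_password DN OLDFILE NEWFILE -> prints new, old or none.
which_password() {
    if bind_ok "$1" "$3"; then echo new
    elif bind_ok "$1" "$2"; then echo old
    else echo none
    fi
}

# password_state OLDFILE NEWFILE -> prints one summary line and returns
# 0 only when both accounts accept the new password.
password_state() {
    dm=$(which_password "$DM_DN" "$1" "$2")
    pki=$(which_password "$PKI_DN" "$1" "$2")
    case "$dm/$pki" in
        new/new) echo "consistent: both accounts use the new password" ;;
        new/old) echo "mixed: PKI admin still on old password (step 3 not applied)"
                 return 1 ;;
        old/old) echo "unchanged: both accounts still use the old password"
                 return 1 ;;
        *)       echo "unexpected: directory-manager=$dm pki-admin=$pki"
                 return 1 ;;
    esac
}

# Usage (file paths are examples):
#   sh check_dm_change.sh /root/old_password /root/dm_password
if [ "$#" -eq 2 ]; then
    password_state "$1" "$2"
fi
```

Remove the old-password file once the check reports "consistent".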