[Freeipa-users] Freeipa replication issue
Alexander Bokovoy
abokovoy at redhat.com
Thu Jul 14 13:38:56 UTC 2016
On Thu, 14 Jul 2016, Stefan Uygur wrote:
>Hi All,
>Sorry if this would appear to be an obvious issue and maybe someone has
>already discussed about it but I couldn't get anywhere information
>about how to resolve this issue that I am experiencing.
>
>Basically I have an IPA master server where the admin password was
>originally the same as Directory Manager password, within months the
>admin password was changed and DM left as it was.
>
>But I have followed the instructions given in below link to reset DM
>password:
>
>https://www.centos.org/docs/5/html/CDS/install/8.0/Installation_Guide-Common_Usage-Resetting_Passwords.html
This is incorrect document as it is not relevant to IPA.
Use http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password
>Which I have tested after the reset using ldapsearch and it seems to be
>working perfectly.
>
>But when I try to prepare the replica it keep telling me that is wrong
>password as per below:
>
>ipa-replica-prepare ipa2.example.com --ip-address 10.0.0.3
>Directory Manager (existing master) password:
>The password provided is incorrect for LDAP server ipa1.example.com
>
>
>Usint the following to test the DM password:
>
>ldapsearch -x -D "cn=directory manager" -w DM_PASSWD base -b "" "objectclass=*"
>
>Which gives me the correct result, long output.....but again, when I
>try to prepare replica still getting wrong password.
There are more places where DM password is used for replica. You changed
it only 389-ds but didn't change other places. Use instructions above.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list