[Freeipa-users] Freeipa replication issue

Stefan Uygur suygur at firstderivatives.com
Thu Jul 14 14:10:27 UTC 2016


Hi Alexander,
Thanks for the quick reply, first of all. To be honest, I have actually tried that link too; it didn't work either.

This is my ipa version: ipa-server-3.0.0-47.el6_7.2.x86_64 and the system is RHEL 6

When I reproduce the last step of the instructions you provided:

ldappasswd -h localhost -ZZ -p 389 -x -D "cn=Directory Manager" -W -T dm_password
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

Or trying this one (because I am not sure if I have dogtag 10):

ldappasswd -h localhost -ZZ -p 7389 -x -D "cn=Directory Manager" -W -T dm_password
Enter LDAP Password:
Result: No such object (32)
Additional info: No such Entry exists.

I couldn't figure it out clearly; your help is much appreciated wherever you can.

Many thanks


-----Original Message-----
From: Alexander Bokovoy [mailto:abokovoy at redhat.com] 
Sent: 14 July 2016 14:39
To: Stefan Uygur
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Freeipa replication issue

On Thu, 14 Jul 2016, Stefan Uygur wrote:
>Hi All,
>Sorry if this appears to be an obvious issue that someone may have 
>already discussed, but I couldn't find information anywhere 
>about how to resolve this issue that I am experiencing.
>
>Basically I have an IPA master server where the admin password was 
>originally the same as the Directory Manager password; within months the 
>admin password was changed and the DM password was left as it was.
>
>But I have followed the instructions given in the link below to reset the DM
>password:
>
>https://www.centos.org/docs/5/html/CDS/install/8.0/Installation_Guide-Common_Usage-Resetting_Passwords.html
This is the incorrect document, as it is not relevant to IPA.

Use http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password

>Which I have tested after the reset using ldapsearch and it seems to be 
>working perfectly.
>
>But when I try to prepare the replica it keeps telling me that it is the wrong 
>password, as per below:
>
>ipa-replica-prepare ipa2.example.com --ip-address 10.0.0.3
>Directory Manager (existing master) password:
>The password provided is incorrect for LDAP server ipa1.example.com
>
>
>Using the following to test the DM password:
>
>ldapsearch -x -D "cn=directory manager" -w DM_PASSWD base -b "" "objectclass=*"
>
>Which gives me the correct result, a long output... but again, when I 
>try to prepare the replica I am still getting a wrong password error.
There are more places where the DM password is used for a replica. You changed it only in 389-ds but didn't change it in the other places. Use the instructions above.


--
/ Alexander Bokovoy



