[Freeipa-users] Freeipa replication issue
Stefan Uygur
suygur at firstderivatives.com
Thu Jul 14 14:10:27 UTC 2016
Hi Alexander,
Thanks for the quick reply, first of all. To be honest, I have actually tried that link too; it didn't work either.
This is my ipa version: ipa-server-3.0.0-47.el6_7.2.x86_64 and the system is RHEL 6
When I reproduce the last step of the instructions you provided:
ldappasswd -h localhost -ZZ -p 389 -x -D "cn=Directory Manager" -W -T dm_password
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
Or trying this one (because I am not sure if I have dogtag 10):
ldappasswd -h localhost -ZZ -p 7389 -x -D "cn=Directory Manager" -W -T dm_password
Enter LDAP Password:
Result: No such object (32)
Additional info: No such Entry exists.
I couldn't figure it out clearly; your help is much appreciated wherever you can.
Many thanks
-----Original Message-----
From: Alexander Bokovoy [mailto:abokovoy at redhat.com]
Sent: 14 July 2016 14:39
To: Stefan Uygur
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Freeipa replication issue
On Thu, 14 Jul 2016, Stefan Uygur wrote:
>Hi All,
>Sorry if this appears to be an obvious issue and maybe someone has
>already discussed it, but I couldn't find information anywhere
>about how to resolve this issue that I am experiencing.
>
>Basically I have an IPA master server where the admin password was
>originally the same as the Directory Manager password; within months the
>admin password was changed and DM was left as it was.
>
>But I have followed the instructions given in the link below to reset the DM
>password:
>
>https://www.centos.org/docs/5/html/CDS/install/8.0/Installation_Guide-Common_Usage-Resetting_Passwords.html
This is the incorrect document, as it is not relevant to IPA.
Use http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password
>Which I have tested after the reset using ldapsearch and it seems to be
>working perfectly.
>
>But when I try to prepare the replica it keeps telling me that it is the wrong
>password, as per below:
>
>ipa-replica-prepare ipa2.example.com --ip-address 10.0.0.3
>Directory Manager (existing master) password:
>The password provided is incorrect for LDAP server ipa1.example.com
>
>
>Using the following to test the DM password:
>
>ldapsearch -x -D "cn=directory manager" -w DM_PASSWD base -b "" "objectclass=*"
>
>Which gives me the correct result, long output.....but again, when I
>try to prepare replica still getting wrong password.
There are more places where the DM password is used for the replica. You changed it only in 389-ds but didn't change it in the other places. Use the instructions above.
--
/ Alexander Bokovoy