[Freeipa-users] Cannot add password policy
Rob Crittenden
rcritten at redhat.com
Wed Mar 9 22:14:44 UTC 2016
Bob Hinton wrote:
> Hi,
>
> I've been trying to add a password policy for an existing user group
> called "services" in IPA version 4.2.0.
>
> ipa pwpolicy-add services
> ipa: ERROR: entry with name "services" already exists
>
> ipa pwpolicy-show services
> ipa: ERROR: services: password policy not found
>
> ipa pwpolicy-del services
> ipa: ERROR: services: password policy not found
>
> ipa pwpolicy-mod services
> ipa: ERROR: services: password policy not found
>
> ipa pwpolicy-find
> doesn't list it.
>
> As an experiment I've tried to add additional pwpolicy entries. If these
> fail due to insufficient privileges then I get the same symptoms, so
> it's possible that this is what happened with the services pwpolicy.
>
> How do I correct this situation?
>
> Many thanks
I'd use ldapsearch to narrow things down. A group-based password policy
consists of two entries so I'd look in both:

$ kinit admin
$ ldapsearch -Y GSSAPI -b cn=costemplates,cn=accounts,dc=example,dc=com
$ ldapsearch -Y GSSAPI -b cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com '(objectclass=krbPwdPolicy)'

There could, for example, be a replication conflict entry.
rob
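
The two-entry check described in the reply above, as an added example that is not part of the original message or of FreeIPA: it reads the saved output of the two searches and reports which half of a group policy is present and whether a replication conflict entry shows up. Assumptions: the function name, file names and sample LDIF are constructed; the output was saved unwrapped (`-o ldif-wrap=no`); the CoS template points at its policy through `krbPwdPolicyReference`; 389 DS conflict entries carry `nsuniqueid=` in the DN.

```shell
#!/bin/sh
# pwpolicy_state NAME COS_LDIF POLICY_LDIF   (hypothetical helper)
#   COS_LDIF    = saved output of the cn=costemplates search
#   POLICY_LDIF = saved output of the (objectclass=krbPwdPolicy) search
pwpolicy_state() {
    name=$1 cos=$2 pol=$3 has_cos=no has_pol=no
    # Assumption: the CoS template references its policy by DN.
    grep -qiF "krbPwdPolicyReference: cn=$name," "$cos" && has_cos=yes
    # The Kerberos policy entry itself is named cn=NAME under the realm.
    grep -qiF "dn: cn=$name,cn=" "$pol" && has_pol=yes
    case "$has_cos/$has_pol" in
        yes/yes) state=consistent ;;
        yes/no)  state=cos-template-only ;;   # half an entry pair is left
        no/yes)  state=policy-only ;;
        *)       state=absent ;;
    esac
    # Assumption: a replication conflict entry has nsuniqueid= in its DN.
    if cat "$cos" "$pol" | grep -i '^dn:' | grep -qiF 'nsuniqueid='; then
        state="$state+conflict"
    fi
    echo "$state"
}

# Constructed sample (simplified DNs): a CoS template for "services" exists,
# but no krbPwdPolicy entry of that name does.
tmp=$(mktemp -d)
cat > "$tmp/cos.ldif" <<'EOF'
dn: cn=CONSTRUCTED,cn=costemplates,cn=accounts,dc=example,dc=com
cosPriority: 10
krbPwdPolicyReference: cn=services,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com
EOF
cat > "$tmp/pol.ldif" <<'EOF'
dn: cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com
objectClass: krbPwdPolicy
EOF
pwpolicy_state services "$tmp/cos.ldif" "$tmp/pol.ldif"
```

A result other than `consistent` or `absent` means only one of the two entries is in the directory under its normal name.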