[Freeipa-users] CA: Cannot add Centos7.2 replica to Centos6.8 ipa server
Endi Sukma Dewata
edewata at redhat.com
Tue Sep 13 19:36:13 UTC 2016
On 9/12/2016 9:35 PM, Endi Sukma Dewata wrote:
> On 9/9/2016 2:46 PM, Georgios Kafataridis wrote:
>> I've tried that but still the same result.
>>
>> [root at ipa-server /]# ldapsearch -D "cn=directory manager" -W -p 389 -h
>> localhost -b "uid=admin,ou=people,o=ipaca"
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <uid=admin,ou=people,o=ipaca> with scope subtree
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 32 No such object
>
> Hi,
>
> The master's logs indicate there's an authentication issue.
>
> Could you search the whole directory to find the admin user?
> $ ldapsearch ... -b "o=ipaca" "(uid=admin)"
>
> Try also other suffixes that you have in the DS.
>
> If you find it, try to authenticate against DS directly as the admin
> user. If the authentication fails, try resetting the password.
I believe there is actually another DS instance on CentOS 6.8 running on
port 7389, so make sure you check that too. If the admin user is indeed
missing, it will need to be recreated, assigned a password and
certificate, and added to the appropriate groups.
See also: http://pki.fedoraproject.org/wiki/IPA_PKI_Users
--
Endi S. Dewata
More information about the Freeipa-users
mailing list