<div dir="ltr"><div dir="ltr" class="gmail_msg">Hi All,<div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">I have been testing FreeIPA and now plan to migrate to production use - thanks for creating such a great application!</div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">During the test phase we have been using simple passwords for the admin and directory manager users however we need these changed before moving into production. I believe we can change the admin password using the web interface however as I understand it amending the directory manager password is not so straightforward.</div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">I have found this link <a href="https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password" class="gmail_msg" target="_blank">https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password</a> however I am unsure if this is the correct procedure for our installation - certainly i am having no luck so far. </div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">We have the following setup:</div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">FreeIPA 4.2.0 - single master server (no replicas), multiple clients</div><div class="gmail_msg">CentOS 7.2</div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">I have tried the following steps in order:</div><div class="gmail_msg"><br></div><div class="gmail_msg"><a href="http://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpassword.html">http://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpassword.html</a><br></div><div class="gmail_msg">followed by</div><div class="gmail_msg"><a href="https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password">https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password</a><br></div><div class="gmail_msg"><br></div><div class="gmail_msg">After completing that I am no longer able to authenticate user logins. The below covers my current situation:</div><div class="gmail_msg"><br></div><div class="gmail_msg">This works:</div><div class="gmail_msg"><div class="gmail_msg">ldapsearch -x -D "cn=directory manager" -w NEWPASSWORD -s base -b "" "objectclass=*"</div><div><br></div><div>This does not work:</div><div><div class="gmail_msg">ldapsearch -x -D "cn=directory manager" -w OLDPASSWORD -s base -b "" "objectclass=*"</div><br class="inbox-inbox-Apple-interchange-newline"></div><div>This works:</div><div><div>ldapsearch -h localhost -ZZ -p 389 -x -D "uid=admin,ou=people,o=ipaca" -W -b "" -s base</div><div>OLDPASSWORD</div><div><br></div><div>This does not work:</div><div>ldapsearch -h localhost -ZZ -p 389 -x -D "uid=admin,ou=people,o=ipaca" -W -b "" -s base</div><div>NEWPASSWORD<span class="inbox-inbox-Apple-converted-space"> </span> </div><div><br></div><div>So i'm i a mixed up state! Is anyone able to offer advise on resolving this issue?<br></div><div><br></div><div>Thank you,</div><div><br></div><div>Callum</div><div><br></div><br class="inbox-inbox-Apple-interchange-newline"></div><div><br></div></div></div></div> <br> <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;text-align:justify"><font size="3" face="Verdana"><span style="font-size:8px;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span></font></p><img src="http://www.x-on.co.uk/email/footer/banner-x-on.jpg"><br><p><font size="4"><span style="font-size:8px;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><b><sup><font face="Verdana">0333 332 0000 | <a href="http://www.x-on.co.uk" target="_blank">www.x-on.co.uk</a> | <sub> </sub></font></sup></b></font><font size="4"><b><sub><sup><font face="Verdana"><a href="https://twitter.com/xonuk" target="_blank"><img src="http://www.x-on.co.uk//images/icon/linkedin.png" width="24" height="24"></a> <a href="http://www.linkedin.com/company/x-on/products" target="_blank"><img src="http://www.x-on.co.uk//images/icon/facebook.png" width="24" height="24"></a> <a href="https://www.facebook.com/XonTel" target="_blank"><img src="http://www.x-on.co.uk//images/icon/twitter.png" width="24" height="24"></a></font></sup></sub> </b></font> <span style="font-size:6.0pt;font-family:Verdana;color:black"><br>X-on is a trading name of Storacall Technology Ltd a limited company registered in England and Wales.<br> Registered Office : Avaland House, 110 London Road, Apsley, Hemel Hempstead, Herts, HP3 9SD. Company Registration No. 2578478.<br> The information in this e-mail is confidential and for use by the addressee(s) only. If you are not the intended recipient, please notify X-on immediately on <span>+44(0)333 332 0000</span> and delete the<br>message from your computer. If you are not a named addressee you must not use, disclose, disseminate, distribute, copy, print or reply to this email. </span><span style="font-size:6.0pt;font-family:Verdana;color:black">Views or opinions expressed by an individual<br>within this email may not necessarily reflect the views of X-on or its associated companies. Although X-on routinely screens for viruses, addressees should scan this email and any attachments<br>for viruses. X-on makes no representation or warranty as to the absence of viruses in this email or any attachments.</span></p> <p><span style="font-size:6.0pt;font-family:Verdana;color:black"></span><font size="2"><span style="font-size:6.0pt;font-family:Verdana;color:black"></span></font></p>