On 21/05/18 at 11:44, Mark Reynolds wrote:

On 05/21/2018 10:32 AM, i...@tecnoaccion.com.ar wrote:
On 21/05/18 at 11:20, Mark Reynolds wrote:
On 05/21/2018 10:16 AM, i...@tecnoaccion.com.ar wrote:
On 18/05/18 at 20:02, Mark Reynolds wrote:
On 05/18/2018 04:07 PM, None via FreeIPA-users wrote:
On 18/05/18 at 16:52, Mark Reynolds wrote:
On 05/18/2018 03:13 PM, i...@tecnoaccion.com.ar wrote:
On 18/05/18 at 16:09, Mark Reynolds wrote:
On 05/18/2018 03:01 PM, None via FreeIPA-users wrote:
hi!

I'm new to FreeIPA, I inherited a FreeIPA infrastructure, and I'm
trying to have a Nagios check for the replication status (without
indicating a password). I found this article:
<https://danieljamesscott.org/11-articles/application-guides/26-freeipa-replication-monitoring.html>.




It's exactly what I want to do

but, when I try to do the ldapmodify thing with
grant_anonymous_replication_view.ldif (only changing
cn="dc=example,dc=com" according to my installation), I get:

$ ldapmodify -x -D "cn=directory manager" -W -f grant_anonymous_replication_view.ldif -h ipa.mydomain.com.ar
Enter LDAP Password:


and it doesn't accept admin or directory manager password (?)
Do you get an invalid credentials error (49), or?
that's right, I get:
ldap_bind: Invalid credentials (49)



do I have to make other changes to the ldif?
No
or, what is the password I need?
Only you would know, if you don't know it then you can always reset
the directory manager password:

http://www.port389.org/docs/389ds/howto/howto-resetdirmgrpassword.html


I do have admin and directory manager password, I tried with both, and
I got the same result (?)
Sounds like you don't have the correct password if you are getting
error 49.  The only other thing it could be is that the "cn=directory
manager" account is not set up as "cn=directory manager" in your setup.
You can confirm by grepping for "nsslapd-rootdn" from
/etc/dirsrv/slapd-YOUR_INSTANCE/dse.ldif.  If it is set to
"cn=directory manager", then you have the wrong password and you should
reset it.  Otherwise you have the wrong DN.  It's one or the other.
great!

it was the wrong password... Now I get this:

ldapmodify: wrong attributeType at line 5, entry
"cn="dc=example,dc=com",cn=mapping tree,cn=config"


the full ldif is:

dn: cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: modify
add: aci
aci:
(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version


3.0; aci "permission:Read Replication Agreements"; allow (read,
search, compare) groupdn = "ldap:///anyone";;)
I think the problem is the aci value.  It's multiple lines, maybe it's
wrapped weird.  There are a few ways to fix it.  In LDAP you would
precede a line break with a space.  So something like this:

dn: cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: modify
add: aci
aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)
    (objectclass=nsDSWindowsReplicationAgreement))")(version
    3.0; aci "permission:Read Replication Agreements"; allow
    (read, search, compare) groupdn = "ldap:///anyone";;)

Or, it has to be one long line.  I am attaching a ldif with two
examples you can pick from.
hi!

I tried both ldifs, they report the same:

# ldapmodify -x -D "cn=Directory Manager" -W -f 1.ldif -h ipa.example.com.ar
Enter LDAP Password:
modifying entry "cn="dc=example,dc=com",cn=mapping tree,cn=config"
ldap_modify: No such object (32)

# ldapmodify -x -D "cn=Directory Manager" -W -f 2.ldif -h example.tecnoaccion.com.ar
Enter LDAP Password:
modifying entry "cn="dc=example,dc=com",cn=mapping tree,cn=config"
ldap_modify: No such object (32)
It's probably the quotes around dc=example,dc=com

Try replacing it with:

cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
So the problem is that you really don't have a backend suffix
"dc=example,dc=com"

Try this:

ldapsearch -xLLL -D "cn=Directory Manager" -W -b cn=config nsslapd-backend=*

This will dump your backends, find DN from the entry for your database
and put that in the LDIF file


excellent! I could ldapmodify the ldif, and now I can test with an anonymous ldapsearch

thank you very much!

René
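
The two fixes the thread arrives at (take the mapping-tree DN from the nsslapd-backend search instead of the article's dc=example,dc=com, and keep the aci as one logical LDIF line), as an added example that is not part of the original messages. The function names and the sample search output are constructed for illustration; base64-encoded "dn::" lines are not handled.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# Join folded LDIF lines: a line starting with one space continues the previous one.
ldif_unfold() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }'
}

# Fold long lines at 76 columns; each continuation line starts with exactly one space.
ldif_fold() {
    awk '{ line = $0
           printf "%s\n", substr(line, 1, 76); line = substr(line, 77)
           while (length(line) > 0) {
               printf " %s\n", substr(line, 1, 75); line = substr(line, 76)
           } }'
}

# Read `ldapsearch -LLL` output on stdin, print the DN of each mapping-tree entry.
mapping_tree_dns() {
    ldif_unfold |
        awk 'tolower($0) ~ /^dn: .*,cn=mapping tree,cn=config$/ { print substr($0, 5) }'
}

# Emit the thread's modify LDIF for the mapping-tree DN given as $1.
aci_ldif() {
    aci='(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0; aci "permission:Read Replication Agreements"; allow (read, search, compare) groupdn = "ldap:///anyone";;)'
    printf 'dn: %s\nchangetype: modify\nadd: aci\naci: %s\n' "$1" "$aci" | ldif_fold
}

# Constructed stand-in for the output of the nsslapd-backend=* search in the thread.
sample_search_output() {
    cat <<'EOF'
dn: cn="dc=ipa,dc=example,dc=test",cn=mapping tree,cn=config
cn: "dc=ipa,dc=example,dc=test"
nsslapd-backend: userRoot

dn: cn=o\3Dipaca,cn=mapping tree,cn=
 config
nsslapd-backend: ipaca
EOF
}

# List the candidate DNs, then build the LDIF for the first one.
sample_search_output | mapping_tree_dns
aci_ldif "$(sample_search_output | mapping_tree_dns | sed -n 1p)"
```

On a real server, pipe the thread's ldapsearch command into mapping_tree_dns, choose the DN of your own suffix, and save the aci_ldif output as the file passed to ldapmodify -f.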