Florence Renaud via FreeIPA-users wrote: > Hi Ian, > with IPA 4.6.8 you just need to follow the 389ds doc. > The procedure was more complex in version < 3.2.2 because there were two > 389ds instances (one for the regular suffix and one for the Certificate > Server) and the password has to be manually synchronized between the 2, > and the replica installation was done using a different procedure (you > had to prepare a replica file containing passwords, private keys, > certificates and then transfer this file on the future replica).
The PKCS#12 file of the CA root generated by IPA during installation is protected by the DM password. An updated file can be generated using PKCS12Export if desired. rob > HTH, > flo > > On Tue, May 18, 2021 at 7:41 PM Ian Pilcher via FreeIPA-users > <freeipa-users@lists.fedorahosted.org > <mailto:freeipa-users@lists.fedorahosted.org>> wrote: > > Maybe it's just me, but I still find the documentation on this subject > confusing. (This is probably because the docs seem to be telling me > that I don't need to do anything beyond the actual password change, and > I don't trust answers that seem too easy.) > > I running a single-node IPA 4.6.8 on RHEL 7. The actual password change > with ldapmodify[1] is simple enough. Am I reading the FreeIPA > documentation[2] correctly, that I don't need to perform any other > steps? > > Thanks! > > [1] > > https://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpassword.html > [2] https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password > > -- > ======================================================================== > Ian Pilcher Sr. Principal Product Manager > +1 469 892-8704 Red Hat Cloud Platforms > ======================================================================== > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > <mailto:freeipa-users@lists.fedorahosted.org> > To unsubscribe send an email to > freeipa-users-le...@lists.fedorahosted.org > <mailto:freeipa-users-le...@lists.fedorahosted.org> > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure