Hello all, > The PKCS#12 file of the CA root generated by IPA during installation is > protected by the DM password. > > An updated file can be generated using PKCS12Export if desired. >
Is this step actually required when changing the directory manager password (https://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpassword.html)? If I'm reading the documentation properly, it appears that FreeIPA versions >= 4.x do not require this step. Is this correct? Thank you! John DeSantis Il giorno gio 20 mag 2021 alle ore 08:53 Rob Crittenden via FreeIPA-users <[email protected]> ha scritto: > > Florence Renaud via FreeIPA-users wrote: > > Hi Ian, > > with IPA 4.6.8 you just need to follow the 389ds doc. > > The procedure was more complex in version < 3.2.2 because there were two > > 389ds instances (one for the regular suffix and one for the Certificate > > Server) and the password has to be manually synchronized between the 2, > > and the replica installation was done using a different procedure (you > > had to prepare a replica file containing passwords, private keys, > > certificates and then transfer this file on the future replica). > > The PKCS#12 file of the CA root generated by IPA during installation is > protected by the DM password. > > An updated file can be generated using PKCS12Export if desired. > > rob > > > HTH, > > flo > > > > On Tue, May 18, 2021 at 7:41 PM Ian Pilcher via FreeIPA-users > > <[email protected] > > <mailto:[email protected]>> wrote: > > > > Maybe it's just me, but I still find the documentation on this subject > > confusing. (This is probably because the docs seem to be telling me > > that I don't need to do anything beyond the actual password change, and > > I don't trust answers that seem too easy.) > > > > I running a single-node IPA 4.6.8 on RHEL 7. The actual password change > > with ldapmodify[1] is simple enough. Am I reading the FreeIPA > > documentation[2] correctly, that I don't need to perform any other > > steps? > > > > Thanks! > > > > [1] > > > > https://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpassword.html > > [2] https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password > > > > -- > > ======================================================================== > > Ian Pilcher Sr. Principal Product Manager > > +1 469 892-8704 Red Hat Cloud Platforms > > ======================================================================== > > _______________________________________________ > > FreeIPA-users mailing list -- [email protected] > > <mailto:[email protected]> > > To unsubscribe send an email to > > [email protected] > > <mailto:[email protected]> > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > > > https://lists.fedorahosted.org/archives/list/[email protected] > > Do not reply to spam on the list, report it: > > https://pagure.io/fedora-infrastructure > > > > > > _______________________________________________ > > FreeIPA-users mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > https://lists.fedorahosted.org/archives/list/[email protected] > > Do not reply to spam on the list, report it: > > https://pagure.io/fedora-infrastructure > > > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
