Rob, > This step is needed for very old IPA installations.
As usual, thank you for taking the time to respond! John DeSantis Il giorno gio 29 lug 2021 alle ore 11:37 Rob Crittenden via FreeIPA-users <[email protected]> ha scritto: > > John Desantis wrote: > > Hello all, > > > >> The PKCS#12 file of the CA root generated by IPA during installation is > >> protected by the DM password. > >> > >> An updated file can be generated using PKCS12Export if desired. > >> > > > > Is this step actually required when changing the directory manager > > password > > (https://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpassword.html)? > > > > If I'm reading the documentation properly, it appears that FreeIPA > > versions >= 4.x do not require this step. Is this correct? > > This step is needed for very old IPA installations. > > rob > > > > > Thank you! > > John DeSantis > > > > Il giorno gio 20 mag 2021 alle ore 08:53 Rob Crittenden via > > FreeIPA-users <[email protected]> ha scritto: > >> > >> Florence Renaud via FreeIPA-users wrote: > >>> Hi Ian, > >>> with IPA 4.6.8 you just need to follow the 389ds doc. > >>> The procedure was more complex in version < 3.2.2 because there were two > >>> 389ds instances (one for the regular suffix and one for the Certificate > >>> Server) and the password has to be manually synchronized between the 2, > >>> and the replica installation was done using a different procedure (you > >>> had to prepare a replica file containing passwords, private keys, > >>> certificates and then transfer this file on the future replica). > >> > >> The PKCS#12 file of the CA root generated by IPA during installation is > >> protected by the DM password. > >> > >> An updated file can be generated using PKCS12Export if desired. > >> > >> rob > >> > >>> HTH, > >>> flo > >>> > >>> On Tue, May 18, 2021 at 7:41 PM Ian Pilcher via FreeIPA-users > >>> <[email protected] > >>> <mailto:[email protected]>> wrote: > >>> > >>> Maybe it's just me, but I still find the documentation on this subject > >>> confusing. (This is probably because the docs seem to be telling me > >>> that I don't need to do anything beyond the actual password change, > >>> and > >>> I don't trust answers that seem too easy.) > >>> > >>> I running a single-node IPA 4.6.8 on RHEL 7. The actual password > >>> change > >>> with ldapmodify[1] is simple enough. Am I reading the FreeIPA > >>> documentation[2] correctly, that I don't need to perform any other > >>> steps? > >>> > >>> Thanks! > >>> > >>> [1] > >>> > >>> https://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpassword.html > >>> [2] > >>> https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password > >>> > >>> -- > >>> > >>> ======================================================================== > >>> Ian Pilcher Sr. Principal Product > >>> Manager > >>> +1 469 892-8704 Red Hat Cloud > >>> Platforms > >>> > >>> ======================================================================== > >>> _______________________________________________ > >>> FreeIPA-users mailing list -- [email protected] > >>> <mailto:[email protected]> > >>> To unsubscribe send an email to > >>> [email protected] > >>> <mailto:[email protected]> > >>> Fedora Code of Conduct: > >>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > >>> List Guidelines: > >>> https://fedoraproject.org/wiki/Mailing_list_guidelines > >>> List Archives: > >>> > >>> https://lists.fedorahosted.org/archives/list/[email protected] > >>> Do not reply to spam on the list, report it: > >>> https://pagure.io/fedora-infrastructure > >>> > >>> > >>> _______________________________________________ > >>> FreeIPA-users mailing list -- [email protected] > >>> To unsubscribe send an email to [email protected] > >>> Fedora Code of Conduct: > >>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > >>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > >>> List Archives: > >>> https://lists.fedorahosted.org/archives/list/[email protected] > >>> Do not reply to spam on the list, report it: > >>> https://pagure.io/fedora-infrastructure > >>> > >> _______________________________________________ > >> FreeIPA-users mailing list -- [email protected] > >> To unsubscribe send an email to [email protected] > >> Fedora Code of Conduct: > >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > >> List Archives: > >> https://lists.fedorahosted.org/archives/list/[email protected] > >> Do not reply to spam on the list, report it: > >> https://pagure.io/fedora-infrastructure > > > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
