Hi,

the directory manager password provided to ipa-ca-install is validated by doing a simple bind to the LDAP URI defined in /etc/ipa/default.conf. It should contain something similar to

    ldap_uri = ldapi://%2Frun%2Fslapd-DOMAIN-COM.socket

and you can try manually with (replace DOMAIN-COM with your own domain)

    ldapsearch -x -D "cn=directory manager" -w "$DMP" -H ldapi://%2Frun%2Fslapd-DOMAIN-COM.socket -s base -b ""

I would check if the ldapi socket is enabled (nsslapd-ldapilisten: on is defined in /etc/dirsrv/slapd-DOMAIN-COM/dse.ldif), and if the ldap_uri is properly defined in /etc/ipa/default.conf.

The ipa-ca-install also provides a --debug option that would allow you to gather more information.

flo

On Sat, Jan 1, 2022 at 6:51 PM Chris Candreva via FreeIPA-users <[email protected]> wrote:

> My problem is what the subject says. Most of the searches I've found are
> what to do when you don't know the Directory Manager password. However I
> can confirm it is correct with ldapsearch, yet ipa-ca-install says it is
> wrong. I'd appreciate any hints as to where to look next.
>
> [root@ipa3 chris]# export DMP=<password>
>
> [root@ipa3 chris]# ldapsearch -x -D "cn=directory manager" -w $DMP -s base -b "" "objectclass=*" | head
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope baseObject
> # filter: objectclass=*
> # requesting: ALL
> #
>
> #
> dn:
>
> [root@ipa3 chris]# ipa-ca-install --password=$DMP
> Directory Manager password is invalid
>
> --
> ---
> ========================================================================
> Chris Candreva -- [email protected] -- http://www.westnet.com/~chris
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
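The two checks suggested in the reply (ldap_uri in default.conf, nsslapd-ldapilisten in dse.ldif) can be compared in one pass. This is an added example, not part of the thread and not FreeIPA code; it assumes default.conf has a [global] section and that cn=config carries nsslapd-ldapifilepath, and the EXAMPLE-TEST inputs are constructed.

```python
import configparser
from urllib.parse import unquote
# Constructed sample inputs (EXAMPLE-TEST is a placeholder instance name).
SAMPLE_CONF = "[global]\nldap_uri = ldapi://%2Frun%2Fslapd-EXAMPLE-TEST.socket\n"
SAMPLE_DSE = """dn: cn=config
nsslapd-ldapilisten: off
nsslapd-ldapifilepath: /run/slapd-EXAMPLE-
 TEST.socket

dn: cn=monitor
"""

def ldapi_socket_from_conf(conf_text):
    """Socket path named by ldap_uri in default.conf, or None if not ldapi://."""
    # interpolation=None: the URI's %2F escapes are not configparser syntax.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    uri = cp.get("global", "ldap_uri", fallback=None)
    if not uri or not uri.startswith("ldapi://"):
        return None
    return unquote(uri[len("ldapi://"):])

def config_entry_attrs(dse_text):
    """Attributes of the cn=config entry, after unfolding LDIF continuations."""
    attrs = {}
    for entry in dse_text.replace("\n ", "").split("\n\n"):
        lines = [l for l in entry.splitlines() if l and not l.startswith("#")]
        if lines and lines[0].strip().lower() == "dn: cn=config":
            for line in lines[1:]:
                name, _, value = line.partition(":")
                attrs[name.strip().lower()] = value.strip()
    return attrs

def check(conf_text, dse_text):
    """Return a list of problems; an empty list means the two files agree."""
    problems = []
    sock = ldapi_socket_from_conf(conf_text)
    if sock is None:
        problems.append("ldap_uri is missing or not an ldapi:// URI")
    attrs = config_entry_attrs(dse_text)
    if attrs.get("nsslapd-ldapilisten", "off").lower() != "on":
        problems.append("nsslapd-ldapilisten is not 'on' in cn=config")
    path = attrs.get("nsslapd-ldapifilepath")
    if sock and path and sock != path:
        problems.append(f"socket mismatch: default.conf={sock} dse.ldif={path}")
    return problems

if __name__ == "__main__":
    print(check(SAMPLE_CONF, SAMPLE_DSE))
```

To run it against a real server, pass the contents of /etc/ipa/default.conf and /etc/dirsrv/slapd-DOMAIN-COM/dse.ldif (read as root) to check().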
