Figured out the problem. For future reference, a more informative log entry
appeared in /var/log/dirsrv/slapd-<domain>/errors:

    Entry "uid=ian,cn=users,cn=accounts,dc=sbgrid,dc=org" has unknown object class

Sure enough, when I upgraded our old (v1) FreeIPA server I had to add some
schema because "radiusprofile" was a previously-included objectClass. I guess
the upgraded server didn't include that schema. After ldapmodifying the user
accounts to remove that objectClass, we're back in business.

On Jan 4, 2012, at 6:32 PM, Ian Levesque wrote:
> I've upgraded a FreeIPA server to RHEL 6.2 (from 6.1), putting me at version
> 2.1.3-9. Since the upgrade, I haven't been able to change any existing
> passwords, all I get is an "Authentication token manipulation error".
> Newly-created accounts don't have this problem. I /can/ login using my
> existing password, but one user's password is expired and is effectively
> locked out until I can figure this out. Any ideas?
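The cleanup described in the reply above, sketched as an added example (not code from the original thread or from FreeIPA): it reads `ldapsearch -LLL` style LDIF, finds entries that still carry the `radiusprofile` objectClass, and builds the change records to feed to `ldapmodify`. The `example.com` entries and the function names are constructed for illustration.

```python
import base64

# Constructed sample of LDIF search output; not taken from the thread.
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,cn=accounts,dc=example,dc=com
objectClass: top
objectClass: RadiusProfile

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=com
objectClass: top
objectClass: person

dn: uid=carol,cn=users,cn=accounts,dc=exam
 ple,dc=com
objectClass: radiusprofile
"""

def parse_entries(ldif):
    """Yield (raw dn line, [objectClass values]) for each LDIF entry."""
    unfolded = ldif.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    for block in unfolded.split("\n\n"):
        dn_line, classes = None, []
        for line in block.splitlines():
            attr, sep, rest = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if attr.strip().lower() == "dn":
                dn_line = line  # kept verbatim so a base64 "dn::" round-trips
            elif attr.strip().lower() == "objectclass":
                value = base64.b64decode(rest[1:]).decode() if rest.startswith(":") else rest
                classes.append(value.strip())
        if dn_line:
            yield dn_line, classes

def removal_ldif(ldif, unknown_class="radiusprofile"):
    """Return ldapmodify input deleting unknown_class wherever it is present."""
    changes = []
    for dn_line, classes in parse_entries(ldif):
        for stored in classes:  # objectClass names compare case-insensitively
            if stored.lower() == unknown_class.lower():
                changes.append(f"{dn_line}\nchangetype: modify\n"
                               f"delete: objectClass\nobjectClass: {stored}\n")
    return "\n".join(changes)

if __name__ == "__main__":
    print(removal_ldif(SAMPLE_LDIF))
```

Review the generated LDIF before applying it; entries without the objectClass (bob in the sample) produce no change record.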