Rich Megginson wrote: > On 12/10/2014 12:46 AM, Thomas Lau wrote: >> Hi All, >> >> So I am using FreeIPA 3.3.3, when I change password on one IPA host, >> the other clusters will in sync with the change or I need to do it one >> by one manually? > > You have to do every server manually. Changes to the cn=config tree are > not replicated.
You should also take a look at this: http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password rob > >> >> On Wed, Dec 10, 2014 at 12:03 PM, Simo Sorce <s...@redhat.com> wrote: >>> On Tue, 09 Dec 2014 20:33:32 -0700 >>> Rich Megginson <rmegg...@redhat.com> wrote: >>> >>>> On 12/09/2014 07:46 PM, Thomas Lau wrote: >>>>> By the way, if I change Directory manager password, do I need to do >>>>> anything else for replication cluster? >>>> http://www.port389.org/docs/389ds/howto/howto-resetdirmgrpassword.html >>>> >>>> Unless you are using directory manager for replication (please tell >>>> me you are not), you shouldn't have to do anything. >>> Given this is freeipa-users I assume ipa-replica-install/manage >>> converted his replication agreements to use GSSAPI :-) >>> >>> So, no, in FreeIPA replication doesn't care about the DM password. >>> >>> Simo. >>> >>> -- >>> Simo Sorce * Red Hat, Inc * New York >>> >>> -- >>> Manage your subscription for the Freeipa-users mailing list: >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> Go To http://freeipa.org for more info on the project >> >> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project