Bob Hinton wrote: > Hi, > > I've been trying to add a password policy for an existing user group > called "services" in IPA version 4.2.0. > > ipa pwpolicy-add services > ipa: ERROR: entry with name "services" already exists > > ipa pwpolicy-show services > ipa: ERROR: services: password policy not found > > ipa pwpolicy-del services > ipa: ERROR: services: password policy not found > > ipa pwpolicy-mod services > ipa: ERROR: services: password policy not found > > ipa pwpolicy-find > doesn't list it. > > As an experiment I've tried to add additional pwpolicy entries. If these > fail due to insufficient privileges then I get the same symptoms, so > it's possible that this is what happened with the services pwpolicy. > > How do I correct this situation? > > Many thanks
I'd use ldapsearch to narrow things down. A group-based password policy consists of two entries so I'd look in both: $ kinit admin $ ldapsearch -Y GSSAPI -b cn=costemplates,cn=accounts,dc=example,dc=com $ ldapsearch -Y GSSAPI -b cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com '(objectclass=krbPwdPolicy)' There could, for example, be a replication conflict entry. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
