Bob Hinton wrote:
> Hi,
> 
> I've been trying to add a password policy for an existing user group
> called "services" in IPA version 4.2.0.
> 
> ipa pwpolicy-add services
> ipa: ERROR: entry with name "services" already exists
> 
> ipa pwpolicy-show services
> ipa: ERROR: services: password policy not found
> 
> ipa pwpolicy-del services
> ipa: ERROR: services: password policy not found
> 
> ipa pwpolicy-mod services
> ipa: ERROR: services: password policy not found
> 
> ipa pwpolicy-find
> doesn't list it.
> 
> As an experiment I've tried to add additional pwpolicy entries. If these
> fail due to insufficient privileges then I get the same symptoms, so
> it's possible that this is what happened with the services pwpolicy.
> 
> How do I correct this situation?
> 
> Many thanks

I'd use ldapsearch to narrow things down. A group-based password policy
consists of two entries so I'd look in both:

$ kinit admin
$ ldapsearch -Y GSSAPI -b cn=costemplates,cn=accounts,dc=example,dc=com
$ ldapsearch -Y GSSAPI -b cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com
'(objectclass=krbPwdPolicy)'

There could, for example, be a replication conflict entry.

rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to