On Thu, 14 Jul 2016, Stefan Uygur wrote:
Hi All,
Sorry if this would appear to be an obvious issue and maybe someone has
already discussed about it but I couldn't get anywhere information
about how to resolve this issue that I am experiencing.

Basically I have an IPA master server where the admin password was
originally the same as Directory Manager password, within months the
admin password was changed and DM left as it was.

But I have followed the instructions given in below link to reset DM
password:

https://www.centos.org/docs/5/html/CDS/install/8.0/Installation_Guide-Common_Usage-Resetting_Passwords.html
This is incorrect document as it is not relevant to IPA.

Use http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password

Which I have tested after the reset using ldapsearch and it seems to be
working perfectly.

But when I try to prepare the replica it keep telling me that is wrong
password as per below:

ipa-replica-prepare ipa2.example.com --ip-address 10.0.0.3
Directory Manager (existing master) password:
The password provided is incorrect for LDAP server ipa1.example.com


Usint the following to test the DM password:

ldapsearch -x -D "cn=directory manager" -w DM_PASSWD base -b "" "objectclass=*"

Which gives me the correct result, long output.....but again, when I
try to prepare replica still getting wrong password.
There are more places where DM password is used for replica. You changed
it only 389-ds but didn't change other places. Use instructions above.


--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to