On Mon, 15 Aug 2016, Stefan Uygur wrote:
Sorry if I have to bring this topic back again but still no solution so far. I
gave up for a while but I still need to solve this problem.
I followed the link provided by Mark Reynold:
I applied the instructions multiple times and also followed these instructions
With no joy.
The problem here is that "cn=directory manager" does not exist in a
database. It only exists in the cn=config entry, so ldappasswd will
not work. But I'm not sure if your problem is the directory manager
account though. You need to look through the Directory Server access
log for "err=49" (/var/log/dirsrv/slapd-INSTANCE/access), and see which
BIND dn is failing. It could be a different user/account.
So I checked the logs as well and this is all I have from logs every time I
attempt to prepare the replica:
[15/Aug/2016:11:03:13 +0100] conn=10 op=13 RESULT err=0 tag=101 nentries=0
[15/Aug/2016:11:03:15 +0100] conn=11 fd=70 slot=70 connection from local to
[15/Aug/2016:11:03:15 +0100] conn=11 op=0 BIND dn="cn=directory manager"
[15/Aug/2016:11:03:15 +0100] conn=11 op=0 RESULT err=49 tag=97 nentries=0
[15/Aug/2016:11:03:15 +0100] conn=11 op=1 UNBIND
[15/Aug/2016:11:03:15 +0100] conn=11 op=1 fd=70 closed - U1
I don't think it is that difficult to manage/change Directory Manager
password but I cannot get away with it myself so I must be doing
something wrong or the solutions provided (instructions) are not
applicable to the version of IPA (ipa-server-3.0.0-47.el6_7.2.x86_64) I
Please follow instructions in the FreeIPA's howto link above. Really,
they tell you where and how you should change DM password. As I said
before, you need to change more places which recorded the password at
the time of install. You claim that the instruction does not work but it
is very clear from the logs above that you haven't updated all places
where DM password was recorded and as such, you get some code using
older version of the DM password. This older version of DM password
comes from one of the fails you actually did not change.
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project