I can successfully bind as the Directory Manager, but when I use the same password to create a replica prep file I get an "Invalid Credentials" error. How is this possible?
I'm running FreeIPA v3.0 on Centos 6 and created replica's successfully in the past. I tested the Directory Manager password by using it change the admin user's password: ldappasswd -D 'cn=directory manager' -W -S uid=admin,cn=users,cn=accounts ,dc=domain,dc=com and that was successful (tested by getting a ticket as admin user with new pwd). But when I try to create a replica file: # ipa-replica-prepare ipa2.shiela.com Preparing replica for ipa2.shiela.com from ipa1.shiela.com preparation of replica failed: Insufficient access: Invalid credentials Insufficient access: Invalid credentials File "/usr/sbin/ipa-replica-prepare", line 529, in <module> main() File "/usr/sbin/ipa-replica-prepare", line 391, in main update_pki_admin_password(dirman_password) File "/usr/sbin/ipa-replica-prepare", line 247, in update_pki_admin_password bind_pw=dirman_password File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 63, in connect conn = self.create_connection(*args, **kw) File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 846, in create_connection self.handle_errors(e) File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 712, in handle_errors raise errors.ACIError(info="%s %s" % (info, desc)) If anyone can shed light on this I would be grateful. I've checked /var/log/dirsrv/PKI-IPA but it has not been any more helpful. Shiela
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project