I can successfully bind as the Directory Manager, but when I use the same
password to create a replica prep file I get an "Invalid Credentials"
error.  How is this possible?

I'm running FreeIPA v3.0 on Centos 6 and created replica's successfully in
the past.

I tested the Directory Manager password by using it change the admin user's
password:

ldappasswd -D 'cn=directory manager' -W -S uid=admin,cn=users,cn=accounts
,dc=domain,dc=com

and that was successful (tested by getting a ticket as admin user with new
pwd).

But when I try to create a replica file:

# ipa-replica-prepare ipa2.shiela.com


Preparing replica for ipa2.shiela.com from ipa1.shiela.com
preparation of replica failed: Insufficient access:  Invalid credentials
Insufficient access:  Invalid credentials
  File "/usr/sbin/ipa-replica-prepare", line 529, in <module>
    main()

  File "/usr/sbin/ipa-replica-prepare", line 391, in main
    update_pki_admin_password(dirman_password)

  File "/usr/sbin/ipa-replica-prepare", line 247, in
update_pki_admin_password
    bind_pw=dirman_password

  File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 63, in
connect
    conn = self.create_connection(*args, **kw)

  File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line
846, in create_connection
    self.handle_errors(e)

  File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line
712, in handle_errors
    raise errors.ACIError(info="%s %s" % (info, desc))

If anyone can shed light on this I would be grateful.  I've checked
/var/log/dirsrv/PKI-IPA but it has not been any more helpful.

Shiela
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to