On 18/05/18 at 20:02, Mark Reynolds wrote:
On 05/18/2018 04:07 PM, None via FreeIPA-users wrote:
On 18/05/18 at 16:52, Mark Reynolds wrote:
On 05/18/2018 03:13 PM, i...@tecnoaccion.com.ar wrote:
On 18/05/18 at 16:09, Mark Reynolds wrote:
On 05/18/2018 03:01 PM, None via FreeIPA-users wrote:
hi!
I'm new to FreeIPA, I inherited a FreeIPA infrastructure, and I'm
trying to have a Nagios check for the replication status (without
indicating a password). I found this article:
<https://danieljamesscott.org/11-articles/application-guides/26-freeipa-replication-monitoring.html>.
It's exactly what I want to do
but, when I try to do the ldapmodify thing with
grant_anonymous_replication_view.ldif (only changing
cn="dc=example,dc=com" according to my installation), I get:
$ ldapmodify -x -D "cn=directory manager" -W -f grant_anonymous_replication_view.ldif -h ipa.mydomain.com.ar
Enter LDAP Password:
and it doesn't accept admin or directory manager password (?)
Do you get an invalid credentials error (49), or?
that's right, I get:
ldap_bind: Invalid credentials (49)
do I have to make other changes to the ldif?
No
or, what is the password I need?
Only you would know, if you don't know it then you can always reset the
directory manager password:
http://www.port389.org/docs/389ds/howto/howto-resetdirmgrpassword.html
I do have admin and directory manager password, I tried with both, and
I got the same result (?)
Sounds like you don't have the correct password if you are getting error
49. The only other thing it could be is that the "cn=directory manager"
account is not set up as "cn=directory manager" in your setup. You can
confirm by grepping for "nsslapd-rootdn" from
/etc/dirsrv/slapd-YOUR_INSTANCE/dse.ldif. If it is set to "cn=directory
manager", then you have the wrong password and you should reset it.
Otherwise you have the wrong DN. It's one or the other.
great!
it was the wrong password... Now I get this:
ldapmodify: wrong attributeType at line 5, entry
"cn="dc=example,dc=com",cn=mapping tree,cn=config"
the full ldif is:
dn: cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: modify
add: aci
aci:
(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version
3.0; aci "permission:Read Replication Agreements"; allow (read,
search, compare) groupdn = "ldap:///anyone";)
I think the problem is the aci value. It's multiple lines, maybe it's
wrapped weird. There's a few ways to fix it. In LDAP you would precede
a line break with a space. So something like this:
dn: cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: modify
add: aci
aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)
 (objectclass=nsDSWindowsReplicationAgreement))")(version
  3.0; aci "permission:Read Replication Agreements"; allow
  (read, search, compare) groupdn = "ldap:///anyone";)
Or, it has to be one long line. I am attaching an ldif with two examples
you can pick from.
hi!
I tried both ldifs, they report the same:
# ldapmodify -x -D "cn=Directory Manager" -W -f 1.ldif -h ipa.example.com.ar
Enter LDAP Password:
modifying entry "cn="dc=example,dc=com",cn=mapping tree,cn=config"
ldap_modify: No such object (32)
# ldapmodify -x -D "cn=Directory Manager" -W -f 2.ldif -h example.tecnoaccion.com.ar
Enter LDAP Password:
modifying entry "cn="dc=example,dc=com",cn=mapping tree,cn=config"
ldap_modify: No such object (32)
best regards,
René
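
The "wrong attributeType at line 5" error and the folding fix discussed above, as an added example that is not part of the original thread: a small checker that flags LDIF lines that are neither "attr:" lines nor continuations, and unfolds the folded form back into one value. The function names are hypothetical, the attribute-name pattern is a simplification (names only, no numeric OIDs), and both samples are constructed from the LDIF quoted in the thread.

```python
import re

# Simplified attribute description followed by ':' (also matches "dn:", "changetype:").
ATTR_LINE = re.compile(r"^[A-Za-z][A-Za-z0-9;.-]*:")

def unfold(ldif):
    """Join folded lines: a line starting with one space continues the previous one."""
    logical = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]      # drop exactly one leading space
        else:
            logical.append(raw)
    return logical

def lint(ldif):
    """Return (line_number, text) for physical lines a parser cannot interpret."""
    problems = []
    for number, raw in enumerate(ldif.splitlines(), start=1):
        if raw == "" or raw == "-" or raw.startswith(("#", " ")):
            continue                    # separator, comment or continuation
        if not ATTR_LINE.match(raw):
            problems.append((number, raw))
    return problems

# Constructed sample: the aci value wrapped without leading spaces, as in the thread.
BROKEN = '''dn: cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: modify
add: aci
aci:
(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version
3.0; aci "permission:Read Replication Agreements"; allow (read,
search, compare) groupdn = "ldap:///anyone";)
'''

# Same change, folded: one space marks a continuation, a second one is kept as data.
FOLDED = '''dn: cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: modify
add: aci
aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)
 (objectclass=nsDSWindowsReplicationAgreement))")(version
  3.0; aci "permission:Read Replication Agreements"; allow
  (read, search, compare) groupdn = "ldap:///anyone";)
'''

if __name__ == "__main__":
    print("broken:", [n for n, _ in lint(BROKEN)])
    print("folded:", lint(FOLDED))
```

The first flagged line in the broken sample is line 5, the same line ldapmodify complained about.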