On 05/21/2018 10:16 AM, i...@tecnoaccion.com.ar wrote:
> On 18/05/18 at 20:02, Mark Reynolds wrote:
>>
>> On 05/18/2018 04:07 PM, None via FreeIPA-users wrote:
>>> On 18/05/18 at 16:52, Mark Reynolds wrote:
>>>> On 05/18/2018 03:13 PM, i...@tecnoaccion.com.ar wrote:
>>>>> On 18/05/18 at 16:09, Mark Reynolds wrote:
>>>>>> On 05/18/2018 03:01 PM, None via FreeIPA-users wrote:
>>>>>>> hi!
>>>>>>>
>>>>>>> I'm new to FreeIPA, I inherited a FreeIPA infrastructure, and I'm
>>>>>>> trying to have a Nagios check for the replication status (without
>>>>>>> indicating a password). I found this article:
>>>>>>> <https://danieljamesscott.org/11-articles/application-guides/26-freeipa-replication-monitoring.html>.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> It's exactly what I want to do
>>>>>>>
>>>>>>> but, when I try to do the ldapmodify thing with
>>>>>>> grant_anonymous_replication_view.ldif (only changing
>>>>>>> cn="dc=example,dc=com" according to my installation), I get:
>>>>>>>
>>>>>>> $ ldapmodify -x -D "cn=directory manager" -W -f grant_anonymous_replication_view.ldif -h ipa.mydomain.com.ar
>>>>>>> Enter LDAP Password:
>>>>>>>
>>>>>>>
>>>>>>> and it doesn't accept admin or directory manager password (?)
>>>>>> Do you get an invalid credentials error (49), or?
>>>>> that's right, I get:
>>>>> ldap_bind: Invalid credentials (49)
>>>>>
>>>>>
>>>>>
>>>>>>> do I have to make other changes to the ldif?
>>>>>> No
>>>>>>> or, what is the password I need?
>>>>>> Only you would know, if you don't know it then you can always reset
>>>>>> the directory manager password:
>>>>>>
>>>>>> http://www.port389.org/docs/389ds/howto/howto-resetdirmgrpassword.html
>>>>>>
>>>>> I do have admin and directory manager password, I tried with both,
>>>>> and I got the same result (?)
>>>> Sounds like you don't have the correct password if you are getting
>>>> error 49.  The only other thing it could be is that the
>>>> "cn=directory manager" account is not set up as "cn=directory manager"
>>>> in your setup.  You can confirm by grepping for "nsslapd-rootdn" from
>>>> /etc/dirsrv/slapd-YOUR_INSTANCE/dse.ldif.  If it is set to
>>>> "cn=directory manager", then you have the wrong password and you
>>>> should reset it.  Otherwise you have the wrong DN.  It's one or the
>>>> other.
>>>
>>> great!
>>>
>>> it was the wrong password... Now I get this:
>>>
>>> ldapmodify: wrong attributeType at line 5, entry
>>> "cn="dc=example,dc=com",cn=mapping tree,cn=config"
>>>
>>>
>>> the full ldif is:
>>>
>>> dn: cn="dc=example,dc=com",cn=mapping tree,cn=config
>>> changetype: modify
>>> add: aci
>>> aci:
>>> (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version
>>>
>>> 3.0; aci "permission:Read Replication Agreements"; allow (read,
>>> search, compare) groupdn = "ldap:///anyone";;)
>> I think the problem is the aci value.  It's multiple lines, maybe it's
>> wrapped weird.  There's a few ways to fix it.  In LDAP you would precede
>> a line break with a space.  So something like this:
>>
>> dn: cn="dc=example,dc=com",cn=mapping tree,cn=config
>> changetype: modify
>> add: aci
>> aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)
>>   (objectclass=nsDSWindowsReplicationAgreement))")(version
>>   3.0; aci "permission:Read Replication Agreements"; allow
>>   (read, search, compare) groupdn = "ldap:///anyone";;)
>>
>> Or, it has to be one long line.  I am attaching a ldif with two examples
>> you can pick from.
>
>
> hi!
>
> I tried both ldifs, they report the same:
>
> # ldapmodify -x -D "cn=Directory Manager" -W -f 1.ldif -h ipa.example.com.ar
> Enter LDAP Password:
> modifying entry "cn="dc=example,dc=com",cn=mapping tree,cn=config"
> ldap_modify: No such object (32)
>
> # ldapmodify -x -D "cn=Directory Manager" -W -f 2.ldif -h example.tecnoaccion.com.ar
> Enter LDAP Password:
> modifying entry "cn="dc=example,dc=com",cn=mapping tree,cn=config"
> ldap_modify: No such object (32)

It's probably the quotes around dc=example,dc=com

Try replacing it with:

cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config


>
>
> best regards,
> René
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/NA4P4YPD2GFHPXV4TOILQ3ABODKBWPQ5/
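
An added example (not from the thread or from the 389 DS project) covering both errors discussed above: it builds the mapping tree DN in the hex-escaped form suggested in the last reply and folds the ACI onto continuation lines that each begin with a single space. The function names and the 76-column fold width are assumptions made for this illustration.

```python
import re

# ACI text as posted in the thread, kept here as one logical line.
ACI = ('(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)'
       '(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0; '
       'aci "permission:Read Replication Agreements"; '
       'allow (read, search, compare) groupdn = "ldap:///anyone";;)')

def escape_rdn_value(value):
    """Hex-escape DN special characters (RFC 4514): '=' -> \\3D, ',' -> \\2C."""
    return re.sub(r'[,=+<>#;"\\]', lambda m: "\\%02X" % ord(m.group()), value)

def mapping_tree_dn(suffix):
    """DN of the mapping tree entry for a suffix, in the escaped form."""
    return "cn=%s,cn=mapping tree,cn=config" % escape_rdn_value(suffix)

def fold(line, width=76):
    """Fold one logical LDIF line (RFC 2849); continuations start with a space."""
    chunks = [line[:width]]
    rest = line[width:]
    while rest:
        chunks.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(chunks)

def unfold(text):
    """Undo folding the way an LDIF parser does: drop newline + one space."""
    return text.replace("\n ", "")

def build_ldif(suffix):
    """LDIF that adds the thread's ACI to the suffix's mapping tree entry."""
    lines = ["dn: " + mapping_tree_dn(suffix), "changetype: modify",
             "add: aci", "aci: " + ACI]
    return "\n".join(fold(l) for l in lines) + "\n"

if __name__ == "__main__":
    # Constructed sample suffix, same as the placeholder used in the thread.
    print(build_ldif("dc=example,dc=com"), end="")
```

The ACI is kept exactly as posted; `targetattr=*` combined with `ldap:///anyone` lets unauthenticated clients read every attribute of the replication agreement entries, so a narrower attribute list is worth considering for a monitoring-only check.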
