Stopping 389-ds was the first step for sure - I would not fall for that one! :-)

No access to Dir Manager, and perhaps this is where I went wrong - I skipped the ldapsearch and went straight to just trying to add a CA to my replica with ipa-ca-install on an existing NON-CA replica and it asks for Directory Manager password, and I give the new one and sadly, no joy in Mudville.

BUT - maybe that is part of what I am doing wrong to test it?

Kat


On 5/21/18 12:31, Rob Crittenden wrote:
Kat via FreeIPA-users wrote:
My bad - I thought the link I shared would indicate that is the process
I followed. However, here are more details:

ipa-server-4.5.4-10.el7_5.1.x86_64 on RHEL 7.5

Steps:

1. Backup dse.ldif out of /etc/dirsrv/slapd-DOMAIN...

2. ipactl stop

3. vim dse.ldif and replace rootpw with newly hashed pw from pwdhash
command

4. ipactl start
It is amazing how many people fail to stop 389-ds before applying the
change and wonder why it doesn't work. This is why I asked for the exact
steps.

I tried this on the first CA, and was unable to gain access to dirmgr.
Tried it on secondary (replicas) and still no luck. So perhaps I am just
not understanding that you can change Directory Manager PW by following
389-ds docs?
It depends on version. With older versions changing the password was
more complex.

What do you mean by no access to DM? What did you do to check this?

rob

thank you
Kat


On 5/21/18 10:49, Rob Crittenden wrote:
Kat via FreeIPA-users wrote:
No suggestions at all?
https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password

It would help if you included the version and distro and more details on
how you tried to change the password.

rob

:-(


On 5/16/18 09:08, Kat wrote:
Hi -

Have a replica I did not install CA on. Want to add it. I had lost the
Directory Manager password, so I followed procedure to change it by
editing dse.ldif and replacing the rootpw, but no matter what I do I
keep getting:

[root@ipa-rep2 ~]# ipa-ca-install
Directory Manager (existing master) password:

Directory Manager password is invalid

Scratching my head - has the procedure for changing the Dir Mgr
password changed? I used:

http://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpassword.html



Any ideas?
-K

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/BUEPY6TBYRLMDYCT7BA65OLFOUQCRJ5R/
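
Added example, not part of the thread and not FreeIPA or 389-ds code: shell helpers for the dse.ldif edit in step 3 and for the ldapsearch bind check that was skipped. The function names and the default URI ldap://localhost are assumptions of this example; the new value is expected to be pwdhash output in {SCHEME}hash form.

```bash
#!/bin/bash
# Added example. Run set_rootpw only while 389-ds is stopped (ipactl stop).

# Print nsslapd-rootpw, joining LDIF continuation lines (a line that
# starts with one space continues the previous line's value).
get_rootpw() {
    awk '
        /^nsslapd-rootpw:/ { sub(/^nsslapd-rootpw: */, ""); val = $0; on = 1; next }
        on && /^ /         { val = val substr($0, 2); next }
        on                 { exit }
        END                { if (on) print val }
    ' "$1"
}

# Replace nsslapd-rootpw in dse.ldif ($1) with a pwdhash-style value ($2).
set_rootpw() {
    local file="$1" hash="$2" tmp rc
    grep -q '^nsslapd-rootpw:' "$file" || { echo "no nsslapd-rootpw in $file" >&2; return 1; }
    # Guard chosen for this example: accept only a {SCHEME}hash value.
    case "$hash" in
        \{*\}?*) ;;
        *) echo "expected {SCHEME}hash as printed by pwdhash" >&2; return 1 ;;
    esac
    cp -p "$file" "$file.bak.$(date +%Y%m%d%H%M%S)" || return 1   # step 1: backup
    tmp=$(mktemp "$file.XXXXXX") || return 1
    # Drop continuation lines of the old value so no stale tail is left
    # appended to the new hash.
    NEW="$hash" awk '
        /^nsslapd-rootpw:/ { print "nsslapd-rootpw: " ENVIRON["NEW"]; skip = 1; next }
        skip && /^ /       { next }
                           { skip = 0; print }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Confirm the new password with a simple bind as Directory Manager before
# running anything that prompts for it. Reads only the root DSE.
check_dm_bind() {
    ldapsearch -x -H "${1:-ldap://localhost}" -D "cn=Directory Manager" -W \
        -b "" -s base namingContexts
}
```

Call set_rootpw between ipactl stop and ipactl start, then run check_dm_bind on the server whose dse.ldif was edited.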

