Kat via FreeIPA-users wrote: > My bad - I thought the link I shared would indicate that is the process > I followed. However, here are more details: > > ipa-server-4.5.4-10.el7_5.1.x86_64 on RHEL 7.5 > > Steps: > > 1. Backup dse.ldif out of /etc/dirsrv/slapd-DOMAIN... > > 2. ipactl stop > > 3. vim dse.ldif and replace rootpw with newly hashed pw from pwdhash > command > > 4. ipactl start
It is amazing how many people fail to stop 389-ds before applying the change and wonder why it doesn't work. This is why I asked for the exact steps. > I tried this on the first CA, and was unable to gain access to dirmgr. > Tried it on secondary (replicas) and still no luck. So perhaps I am just > not understanding that you can change Directory Manager PW by following > 389-ds docs? It depends on version. With older versions changing the password was more complex. What do you mean by no access to DM? What did you do to check this? rob > > thank you > Kat > > > On 5/21/18 10:49, Rob Crittenden wrote: >> Kat via FreeIPA-users wrote: >>> No suggestions at all? >> https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password >> >> If would help if you included the version and distro and more details on >> how you tried to change the password. >> >> rob >> >>> :-( >>> >>> >>> On 5/16/18 09:08, Kat wrote: >>>> Hi - >>>> >>>> Have a replica I did not install CA on. Want to add it. I had lost the >>>> Directory Manager password, so I followed procedure to change it by >>>> editing dse.ldif and replacing the rootpw, but no matter what I do I >>>> keep getting: >>>> >>>> [root@ipa-rep2 ~]# ipa-ca-install >>>> Directory Manager (existing master) password: >>>> >>>> Directory Manager password is invalid >>>> >>>> Scratching my head - has the procedure for changing the Dir Mgr >>>> password changed? I used: >>>> >>>> http://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpassword.html >>>> >>>> >>>> >>>> Any ideas? >>>> -K >>>> >>> _______________________________________________ >>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >>> To unsubscribe send an email to >>> freeipa-users-le...@lists.fedorahosted.org >>> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >>> List Archives: >>> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/BUEPY6TBYRLMDYCT7BA65OLFOUQCRJ5R/ >>> >>> > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/FYGIVS2CS3SDYOQNL2BCVDEWJWQCATLE/ > _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/FVJLMXNU22LX336BUOU5QZYDRAVJ3RXO/