I really appreciate the responses. I'm reasonably familiar with Linux, but
fairly new to Fedora, IPA, 389DS, so expect something basic that I missed
or messed up.
$ ls /etc/dirsrv
drwxr-xr-x. 2 root root 55 Jan 23 16:27 config
-rw-------. 1 dirsrv dirsrv 662 Jan 3 20:38 ds.keytab
drwxr-xr-x. 2 root root 25 Jan 23 16:27 schema
drwxr-x---. 3 dirsrv dirsrv 4h96 Feb 10 16:04 slapd-IDENTITY-DEMARCOHOME-COM
drwxrwx---. 2 root root 156 Jan 3 20:38 ssca
$ dsconf IDENTITY-DEMARCOHOME-COM config get nsslapd-rootdn nsslapdn
cn=Directory Manager
Error: Could not find configuration for instance: IDENTITY-DEMARCOHOME-COM
$ kinit nick
Password for n...@identity.demarcohome.com:
[nick@ipa1 ~]$
$ ipa --version
VERSION: 4.8.4, API_VERSION: 2.235
$ cat /etc/fedora-release
Fedora release 31 (Thirty One)
It's a pretty clean FreeIPA instance. I haven't done much to it since
installation.
On Tue, Feb 11, 2020 at 2:59 AM Alexander Bokovoy <aboko...@redhat.com>
wrote:
> On ma, 10 helmi 2020, Nicholas DeMarco wrote:
> >I'm not having success with that truncated instance string, either:
> >$ dsconf -D "cn=Directory Manager" IDENTITY-DEMARCOHOME-COM
> >directory_manager password_change
> >Error: Could not find configuration for instance: IDENTITY-DEMARCOHOME-COM
> >
> >The instance is present. I can also see it on Cockpit's 389DS add in.
> >$ ls /etc/dirsrv
> >config ds.keytab schema slapd-IDENTITY-DEMARCOHOME-COM ssca
>
> weird. Do you have /etc/dirsrv/slapd-IDENTITY-DEMARCOHOME-COM/dse.ldif?
> If not, at least any other files named dse.ldif.*?
>
> It works for me:
>
> # dsconf EXAMPLE-COM config get nsslapd-rootdn
> nsslapd-rootdn: cn=Directory Manager
>
> # dsconf EXAMPLE-COM config get nsslapd-rootpw
> nsslapd-rootpw: {PBKDF2_SHA256}some-long-base64-encoded-data
>
> # dsconf EXAMPLE-COM directory_manager password_change
> Enter new directory manager password : ^C
>
> Exiting...
>
> >
> >What is a simple way to verify I do have the correct password for
> directory
> >manager?
> just try to bind with it.
>
> ldapsearch -D 'cn=Directory Manager' -W -h `hostname` -b
> dc=identity,dc=demarcohome,dc=com -s base
>
> >
> >
> >On Mon, Feb 10, 2020 at 2:24 AM Alexander Bokovoy <aboko...@redhat.com>
> >wrote:
> >
> >> On su, 09 helmi 2020, Nicholas DeMarco via FreeIPA-users wrote:
> >> >After successfully promoting an IPA server to a replica, ipa-ca-install
> >> >fails with "Directory Manager password is invalid"
> >> >
> >> >This noob would appreciate a command and example to verify I have the
> >> >correct directory manager password. I've looked through this page:
> >> >
> >>
> https://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpassword.html
> >> >
> >> >
> >> >but haven't been successful in getting dsconf or ldapmodify to work.
> >> >
> >> >server: ipa1.identity.demarcohome.com.
> >> >instance: slapd-IDENTITY-DEMARCOHOME-COM
> >> >
> >> ># dsconf -D "cn=Directory Manager" slapd-IDENTITY-DEMARCOHOME-COM
> >> >directory_manager password_change
> >> >
> >> >Error: Could not find configuration for instance:
> >> >slapd-IDENTITY-DEMARCOHOME-COM
> >>
> >> dsconf expects instance name, not the whole 'slapd-...' part. Your
> >> instance name would be IDENTITY-DEMARCOHOME-COME.
> >>
> >>
> >> --
> >> / Alexander Bokovoy
> >> Sr. Principal Software Engineer
> >> Security / Identity Management Engineering
> >> Red Hat Limited, Finland
> >>
> >>
>
>
> --
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland
>
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
