I really appreciate the responses. I'm reasonably familiar with Linux, but fairly new to Fedora, IPA, 389DS, so expect something basic that I missed or messed up.
$ ls /etc/dirsrv drwxr-xr-x. 2 root root 55 Jan 23 16:27 config -rw-------. 1 dirsrv dirsrv 662 Jan 3 20:38 ds.keytab drwxr-xr-x. 2 root root 25 Jan 23 16:27 schema drwxr-x---. 3 dirsrv dirsrv 4h96 Feb 10 16:04 slapd-IDENTITY-DEMARCOHOME-COM drwxrwx---. 2 root root 156 Jan 3 20:38 ssca $ dsconf IDENTITY-DEMARCOHOME-COM config get nsslapd-rootdn nsslapdn cn=Directory Manager Error: Could not find configuration for instance: IDENTITY-DEMARCOHOME-COM $ kinit nick Password for n...@identity.demarcohome.com: [nick@ipa1 ~]$ $ ipa --version VERSION: 4.8.4, API_VERSION: 2.235 $ cat /etc/fedora-release Fedora release 31 (Thirty One) It's a pretty clean FreeIPA instance. I haven't done much to it since installation. On Tue, Feb 11, 2020 at 2:59 AM Alexander Bokovoy <aboko...@redhat.com> wrote: > On ma, 10 helmi 2020, Nicholas DeMarco wrote: > >I'm not having success with that truncated instance string, either: > >$ dsconf -D "cn=Directory Manager" IDENTITY-DEMARCOHOME-COM > >directory_manager password_change > >Error: Could not find configuration for instance: IDENTITY-DEMARCOHOME-COM > > > >The instance is present. I can also see it on Cockpit's 389DS add in. > >$ ls /etc/dirsrv > >config ds.keytab schema slapd-IDENTITY-DEMARCOHOME-COM ssca > > weird. Do you have /etc/dirsrv/slapd-IDENTITY-DEMARCOHOME-COM/dse.ldif? > If not, at least any other files named dse.ldif.*? > > It works for me: > > # dsconf EXAMPLE-COM config get nsslapd-rootdn > nsslapd-rootdn: cn=Directory Manager > > # dsconf EXAMPLE-COM config get nsslapd-rootpw > nsslapd-rootpw: {PBKDF2_SHA256}some-long-base64-encoded-data > > # dsconf EXAMPLE-COM directory_manager password_change > Enter new directory manager password : ^C > > Exiting... > > > > >What is a simple way to verify I do have the correct password for > directory > >manager? > just try to bind with it. > > ldapsearch -D 'cn=Directory Manager' -W -h `hostname` -b > dc=identity,dc=demarcohome,dc=com -s base > > > > > > >On Mon, Feb 10, 2020 at 2:24 AM Alexander Bokovoy <aboko...@redhat.com> > >wrote: > > > >> On su, 09 helmi 2020, Nicholas DeMarco via FreeIPA-users wrote: > >> >After successfully promoting an IPA server to a replica, ipa-ca-install > >> >fails with "Directory Manager password is invalid" > >> > > >> >This noob would appreciate a command and example to verify I have the > >> >correct directory manager password. I've looked through this page: > >> > > >> > https://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpassword.html > >> > > >> > > >> >but haven't been successful in getting dsconf or ldapmodify to work. > >> > > >> >server: ipa1.identity.demarcohome.com. > >> >instance: slapd-IDENTITY-DEMARCOHOME-COM > >> > > >> ># dsconf -D "cn=Directory Manager" slapd-IDENTITY-DEMARCOHOME-COM > >> >directory_manager password_change > >> > > >> >Error: Could not find configuration for instance: > >> >slapd-IDENTITY-DEMARCOHOME-COM > >> > >> dsconf expects instance name, not the whole 'slapd-...' part. Your > >> instance name would be IDENTITY-DEMARCOHOME-COME. > >> > >> > >> -- > >> / Alexander Bokovoy > >> Sr. Principal Software Engineer > >> Security / Identity Management Engineering > >> Red Hat Limited, Finland > >> > >> > > > -- > / Alexander Bokovoy > Sr. Principal Software Engineer > Security / Identity Management Engineering > Red Hat Limited, Finland > >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org