On 07/14/2016 10:10 AM, Stefan Uygur wrote:
> Hi Alexander,
> Thanks for a quick reply first of all and to be honest actually I have tried
> that link too, it didn't work either.
>
> This is my ipa version: ipa-server-3.0.0-47.el6_7.2.x86_64 and the system is
> RHEL 6
>
> When I reproduce the last step of the instructions you provided:
>
> ldappasswd -h localhost -ZZ -p 389 -x -D "cn=Directory Manager" -W -T
> dm_password
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
> Or trying this one (because I am not sure if I have dogtag 10):
>
> ldappasswd -h localhost -ZZ -p 7389 -x -D "cn=Directory Manager" -W -T
> dm_password
> Enter LDAP Password:
> Result: No such object (32)
> Additional info: No such Entry exists.

The problem here is that "cn=directory manager" does not exist in a database. It only exists in the cn=config entry, so ldappasswd will not work. You must follow this process:

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/dirmnger-pwd.html#dirmnger-pwd-Resetting_Passwords

But I'm not sure if your problem is the directory manager account though. You need to look through the Directory Server access log for "err=49" (/var/log/dirsrv/slapd-INSTANCE/access), and see which BIND dn is failing. It could be a different user/account.

Mark

>
> I couldn't figure out clearly, your help much appreciated wherever you can.
>
> Many thanks
>
>
> -----Original Message-----
> From: Alexander Bokovoy [mailto:aboko...@redhat.com]
> Sent: 14 July 2016 14:39
> To: Stefan Uygur
> Cc: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] Freeipa replication issue
>
> On Thu, 14 Jul 2016, Stefan Uygur wrote:
>> Hi All,
>> Sorry if this would appear to be an obvious issue and maybe someone has
>> already discussed about it but I couldn't get anywhere information
>> about how to resolve this issue that I am experiencing.
>>
>> Basically I have an IPA master server where the admin password was
>> originally the same as Directory Manager password, within months the
>> admin password was changed and DM left as it was.
>>
>> But I have followed the instructions given in below link to reset DM
>> password:
>>
>> https://www.centos.org/docs/5/html/CDS/install/8.0/Installation_Guide-Common_Usage-Resetting_Passwords.html
> This is an incorrect document as it is not relevant to IPA.
>
> Use http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password
>
>> Which I have tested after the reset using ldapsearch and it seems to be
>> working perfectly.
>>
>> But when I try to prepare the replica it keeps telling me that is wrong
>> password as per below:
>>
>> ipa-replica-prepare ipa2.example.com --ip-address 10.0.0.3 Directory
>> Manager (existing master) password:
>> The password provided is incorrect for LDAP server ipa1.example.com
>>
>>
>> Using the following to test the DM password:
>>
>> ldapsearch -x -D "cn=directory manager" -w DM_PASSWD base -b ""
>> "objectclass=*"
>>
>> Which gives me the correct result, long output.....but again, when I
>> try to prepare replica still getting wrong password.
> There are more places where DM password is used for replica. You changed it
> only in 389-ds but didn't change other places. Use instructions above.
>
>
> --
> / Alexander Bokovoy
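
One way to carry out the access-log check suggested in the reply above, as an added example that is not part of the original thread: in the 389 Directory Server access log the `RESULT err=49` line does not repeat the bind DN, so each result has to be matched to its `BIND` line by `conn=` and `op=`. The log lines are constructed samples and the function names `failed_binds` and `count_by_dn` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the 389 Directory Server access-log layout (not real log data).
SAMPLE_LOG = '''\
[14/Jul/2016:10:02:11 +0100] conn=12 fd=64 slot=64 connection from 10.0.0.3 to 10.0.0.2
[14/Jul/2016:10:02:11 +0100] conn=12 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[14/Jul/2016:10:02:11 +0100] conn=13 op=0 BIND dn="uid=admin,cn=users,cn=accounts,dc=example,dc=com" method=128 version=3
[14/Jul/2016:10:02:11 +0100] conn=12 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[14/Jul/2016:10:02:11 +0100] conn=13 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,cn=users,cn=accounts,dc=example,dc=com"
[14/Jul/2016:10:02:12 +0100] conn=13 op=1 SRCH base="" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Jul/2016:10:02:12 +0100] conn=13 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[14/Jul/2016:10:02:15 +0100] conn=14 op=0 BIND dn="uid=svc-example,cn=sysaccounts,cn=etc,dc=example,dc=com" method=128 version=3
[14/Jul/2016:10:02:15 +0100] conn=14 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[14/Jul/2016:10:02:20 +0100] conn=15 op=0 BIND dn="cn=directory manager" method=128 version=3
[14/Jul/2016:10:02:20 +0100] conn=15 op=0 RESULT err=49 tag=97 nentries=0 etime=0
'''

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<rest>.*)$')
BIND = re.compile(r'^BIND dn="(?P<dn>[^"]*)" method=(?P<method>\S+)')
RESULT = re.compile(r'^RESULT err=(?P<err>\d+)\b')

def failed_binds(lines, err_code=49):
    """Return (timestamp, bind DN, method) for every BIND whose RESULT is err_code."""
    pending = {}   # (conn, op) -> (dn, method), held until the matching RESULT arrives
    failures = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue   # connection open/close lines carry no op= field
        key = (m['conn'], m['op'])
        bind = BIND.match(m['rest'])
        if bind:
            pending[key] = (bind['dn'] or '(anonymous)', bind['method'])
            continue
        res = RESULT.match(m['rest'])
        if res and key in pending:   # results of non-BIND operations are ignored
            dn, method = pending.pop(key)
            if int(res['err']) == err_code:
                failures.append((m['ts'], dn, method))
    return failures

def count_by_dn(failures):
    """DNs are case-insensitive, so fold case before counting."""
    return Counter(dn.lower() for _, dn, _ in failures)

if __name__ == "__main__":
    for dn, n in count_by_dn(failed_binds(SAMPLE_LOG.splitlines())).most_common():
        print(f"{n:5d}  {dn}")
```

To run it against a live server, pass the open log file instead of the sample, for example `failed_binds(open("/var/log/dirsrv/slapd-INSTANCE/access"))`.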