hi,

On Tue, Sep 13, 2016 at 9:36 PM, Endi Sukma Dewata <edew...@redhat.com>
wrote:

> On 9/12/2016 9:35 PM, Endi Sukma Dewata wrote:
>
>> On 9/9/2016 2:46 PM, Georgios Kafataridis wrote:
>>
>>> I've tried that but still the same result.
>>>
>>> [root@ipa-server /]# ldapsearch -D "cn=directory manager" -W -p 389 -h
>>> localhost -b "uid=admin,ou=people,o=ipaca"
>>> Enter LDAP Password:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <uid=admin,ou=people,o=ipaca> with scope subtree
>>> # filter: (objectclass=*)
>>> # requesting: ALL
>>> #
>>>
>>> # search result
>>> search: 2
>>> result: 32 No such object
>>>
>>
>> Hi,
>>
>> The master's logs indicate there's an authentication issue.
>>
>> Could you search the whole directory to find the admin user?
>> $ ldapsearch ... -b "o=ipaca" "(uid=admin)"
>>
>> Try also other suffixes that you have in the DS.
>>
>> If you find it, try to authenticate against DS directly as the admin
>> user. If the authentication fails, try resetting the password.
>>
>
> I believe there is actually another DS instance on CentOS 6.8 running on
> port 7389, so make sure you check that too. If the admin user is indeed
> missing, it will need to be recreated, assigned a password and certificate,
> and added to the appropriate groups.
>
> See also: http://pki.fedoraproject.org/wiki/IPA_PKI_Users
>


I am having this problem too (see thread with subject " adding replica
centos 7 to centos 6 fails [error] ObjectclassViolation: attribute
"unhashed#user#password" not allowed"

If the usercertificate attribute of this user is expired, could this be the
cause of these problems?

I can login with the password as user uid=admin,ou=people,o=ipaca, but the
certificate expired 2014-10-28

-- 
regards,
Natxo



-- 
--
Groeten,
natxo
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to