hi, On Tue, Sep 13, 2016 at 9:36 PM, Endi Sukma Dewata <edew...@redhat.com> wrote:
> On 9/12/2016 9:35 PM, Endi Sukma Dewata wrote: > >> On 9/9/2016 2:46 PM, Georgios Kafataridis wrote: >> >>> I've tried that but still the same result. >>> >>> [root@ipa-server /]# ldapsearch -D "cn=directory manager" -W -p 389 -h >>> localhost -b "uid=admin,ou=people,o=ipaca" >>> Enter LDAP Password: >>> # extended LDIF >>> # >>> # LDAPv3 >>> # base <uid=admin,ou=people,o=ipaca> with scope subtree >>> # filter: (objectclass=*) >>> # requesting: ALL >>> # >>> >>> # search result >>> search: 2 >>> result: 32 No such object >>> >> >> Hi, >> >> The master's logs indicate there's an authentication issue. >> >> Could you search the whole directory to find the admin user? >> $ ldapsearch ... -b "o=ipaca" "(uid=admin)" >> >> Try also other suffixes that you have in the DS. >> >> If you find it, try to authenticate against DS directly as the admin >> user. If the authentication fails, try resetting the password. >> > > I believe there is actually another DS instance on CentOS 6.8 running on > port 7389, so make sure you check that too. If the admin user is indeed > missing, it will need to be recreated, assigned a password and certificate, > and added to the appropriate groups. > > See also: http://pki.fedoraproject.org/wiki/IPA_PKI_Users > I am having this problem too (see thread with subject " adding replica centos 7 to centos 6 fails [error] ObjectclassViolation: attribute "unhashed#user#password" not allowed" If the usercertificate attribute of this user is expired, could this be the cause of these problems? I can login with the password as user uid=admin,ou=people,o=ipaca, but the certificate expired 2014-10-28 -- regards, Natxo -- -- Groeten, natxo
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project