On Fri, Nov 09, 2018 at 01:43:37PM +0000, Peter Oliver via FreeIPA-users wrote:
On Thu, 8 Nov 2018, 22:29 Fraser Tweedale <ftweedal@redhat.com wrote:
On Thu, 8 Nov 2018, 01:41 Fraser Tweedale <ftweedal@redhat.com wrote:
Please check the LDAP entry 'uid=pkidbuser,ou=people,o=ipaca'. Do the 'userCertificate', 'description' and 'seeAlso' attributes match the IPA RA certificate (/var/lib/ipa/ra-agent.pem)?
If not, update the entry to match the certificate.
I'm sorry Peter, I told you the wrong user entry. I should have said uid=ipara, not uid=pkidbuser.
I find that uid=ipara already has the expected description and certificate.
OK, and you restored the uid=pkidbuser entry to its previous contents?
Please convey the whole uid=ipara object, and the /var/lib/ipa/ra-agent.pem certificate, for examination.
Thanks, Fraser