Stopping 389-ds was the first step for sure - I would not fall for that
one! :-)
No access to Dir Manager, and perhaps this is where I went wrong - I
skipped the ldapsearch and went straight to just trying to add a CA to
my replica with ipa-ca-install on an existing NON-CA replica and it
asks for Directory Manager password, and I give the new one and sadly, no
joy in mudville.
BUT - maybe that is part of what I am doing wrong to test it?
Kat
On 5/21/18 12:31, Rob Crittenden wrote:
Kat via FreeIPA-users wrote:
> My bad - I thought the link I shared would indicate that is the process
> I followed. However, here are more details:
>
> ipa-server-4.5.4-10.el7_5.1.x86_64 on RHEL 7.5
>
> Steps:
>
> 1. Backup dse.ldif out of /etc/dirsrv/slapd-DOMAIN...
>
> 2. ipactl stop
>
> 3. vim dse.ldif and replace rootpw with newly hashed pw from pwdhash
> command
>
> 4. ipactl start
It is amazing how many people fail to stop 389-ds before applying the
change and wonder why it doesn't work. This is why I asked for the exact
steps.
> I tried this on the first CA, and was unable to gain access to dirmgr.
> Tried it on secondary (replicas) and still no luck. So perhaps I am just
> not understanding that you can change Directory Manager PW by following
> 389-ds docs?
It depends on version. With older versions changing the password was
more complex.
What do you mean by no access to DM? What did you do to check this?
rob
> thank you
> Kat
>
>
> On 5/21/18 10:49, Rob Crittenden wrote:
>> Kat via FreeIPA-users wrote:
>>> No suggestions at all?
>>
>> https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password
>>
>> It would help if you included the version and distro and more details on
>> how you tried to change the password.
>>
>> rob
>>
>>> :-(
>>>
>>>
>>> On 5/16/18 09:08, Kat wrote:
>>>> Hi -
>>>>
>>>> Have a replica I did not install CA on. Want to add it. I had lost the
>>>> Directory Manager password, so I followed procedure to change it by
>>>> editing dse.ldif and replacing the rootpw, but no matter what I do I
>>>> keep getting:
>>>>
>>>> [root@ipa-rep2 ~]# ipa-ca-install
>>>> Directory Manager (existing master) password:
>>>>
>>>> Directory Manager password is invalid
>>>>
>>>> Scratching my head - has the procedure for changing the Dir Mgr
>>>> password changed? I used:
>>>>
>>>>
>>>> http://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpass...
>>>>
>>>>
>>>>
>>>> Any ideas?
>>>> -K
>>>>
>>> _______________________________________________
>>> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
>>> To unsubscribe send an email to
>>> freeipa-users-leave(a)lists.fedorahosted.org
>>> Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
>>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives:
>>>
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorah...
>>>
>>>
>
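
An added example, not part of the thread and not FreeIPA or 389-ds code: an offline check of the rootpw edit described in the steps above. It reads nsslapd-rootpw from the cn=config entry of a dse.ldif, joins folded LDIF lines, and tests a candidate password against a salted-SHA value; the function names, sample LDIF, password and salt are constructed for illustration, and other storage schemes return None.

```python
import base64
import hashlib
import hmac

# 389-ds salted-SHA storage: "{SCHEME}" + base64(digest(password + salt) + salt)
SCHEMES = {"SSHA": hashlib.sha1, "SSHA256": hashlib.sha256, "SSHA512": hashlib.sha512}

def unfold(ldif_text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def root_pw(ldif_text):
    """Return nsslapd-rootpw from the cn=config entry, or None if absent."""
    in_config = False
    for line in unfold(ldif_text):
        name, _, value = line.partition(":")
        if name.lower() == "dn":
            in_config = value.strip().lower() == "cn=config"
        elif in_config and name.lower() == "nsslapd-rootpw":
            return value.strip()
    return None

def matches(stored, password):
    """True/False for a salted-SHA value; None when the scheme is not handled here."""
    scheme, _, b64 = stored.lstrip("{").partition("}")
    algo = SCHEMES.get(scheme.upper())
    if algo is None:
        return None
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:  # malformed value, e.g. a stale folded line left behind
        return False
    size = algo().digest_size
    return hmac.compare_digest(algo(password.encode() + blob[size:]).digest(), blob[:size])

def ssha(password, salt, scheme="SSHA512"):
    """Build a value in the same layout (used only to construct the sample)."""
    digest = SCHEMES[scheme](password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

# Constructed sample: password, salt and LDIF are made up for this example.
SAMPLE_VALUE = ssha("Constructed-Pw1", bytes(range(8)))
ATTR = "nsslapd-rootpw: " + SAMPLE_VALUE
SAMPLE_LDIF = "dn: cn=config\ncn: config\n" + ATTR[:60] + "\n " + ATTR[60:] + "\nnsslapd-port: 389\n"
```

A match here only confirms what is stored in the file; whether the running server accepts the password is a separate bind test.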