Hi Alexander,

Thanks for a quick reply first of all, and to be honest I have actually tried that link too; it didn't work either.

This is my ipa version: ipa-server-3.0.0-47.el6_7.2.x86_64 and the system is RHEL 6.

When I reproduce the last step of the instructions you provided:

ldappasswd -h localhost -ZZ -p 389 -x -D "cn=Directory Manager" -W -T dm_password
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

Or trying this one (because I am not sure if I have dogtag 10):

ldappasswd -h localhost -ZZ -p 7389 -x -D "cn=Directory Manager" -W -T dm_password
Enter LDAP Password:
Result: No such object (32)
Additional info: No such Entry exists.

I couldn't figure it out clearly; your help is much appreciated wherever you can.

Many thanks

-----Original Message-----
From: Alexander Bokovoy [mailto:[email protected]]
Sent: 14 July 2016 14:39
To: Stefan Uygur
Cc: [email protected]
Subject: Re: [Freeipa-users] Freeipa replication issue

On Thu, 14 Jul 2016, Stefan Uygur wrote:
>Hi All,
>Sorry if this would appear to be an obvious issue and maybe someone has
>already discussed it, but I couldn't find information anywhere
>about how to resolve this issue that I am experiencing.
>
>Basically I have an IPA master server where the admin password was
>originally the same as the Directory Manager password; within months the
>admin password was changed and DM left as it was.
>
>But I have followed the instructions given in the link below to reset the DM
>password:
>
>https://www.centos.org/docs/5/html/CDS/install/8.0/Installation_Guide-Common_Usage-Resetting_Passwords.html

This is the incorrect document, as it is not relevant to IPA. Use
http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password

>Which I have tested after the reset using ldapsearch and it seems to be
>working perfectly.
>
>But when I try to prepare the replica it keeps telling me that is wrong
>password as per below:
>
>ipa-replica-prepare ipa2.example.com --ip-address 10.0.0.3
>Directory Manager (existing master) password:
>The password provided is incorrect for LDAP server ipa1.example.com
>
>
>Using the following to test the DM password:
>
>ldapsearch -x -D "cn=directory manager" -w DM_PASSWD base -b "" "objectclass=*"
>
>Which gives me the correct result, long output.....but again, when I
>try to prepare replica still getting wrong password.

There are more places where DM password is used for replica. You changed it only in 389-ds but didn't change other places. Use instructions above.

--
/ Alexander Bokovoy
