On Fri, Nov 09, 2018 at 01:43:37PM +0000, Peter Oliver via FreeIPA-users wrote:
On Thu, 8 Nov 2018, 22:29 Fraser Tweedale <ftweedal(a)redhat.com
wrote:
>
> > On Thu, 8 Nov 2018, 01:41 Fraser Tweedale <ftweedal(a)redhat.com wrote:
> >
> > >
> > > Please check the LDAP entry 'uid=pkidbuser,ou=people,o=ipaca'.
> > > Do the 'userCertificate', 'description' and
'seeAlso' attributes
> > > match the IPA RA certificate (/var/lib/ipa/ra-agent.pem)?
> > >
> > > If not, update the entry to match the certificate.
> >
> I'm sorry Peter, I told you the wrong user entry. I should have
> said uid=ipara, not uid=pkidbuser.
I find that uid=ipara already has the expected description and certificate.
OK, and you restored the uid=pkidbuser entry to its previous
contents?
Please convey the whole uid=ipara object, and the
/var/lib/ipa/ra-agent.pem certificate, for examination.
Thanks,
Fraser