Hello all,
> The PKCS#12 file of the CA root generated by IPA during installation is
> protected by the DM password.
>
> An updated file can be generated using PKCS12Export if desired.
>
Is this step actually required when changing the directory manager
password
(
https://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpas...
If I'm reading the documentation properly, it appears that FreeIPA
versions >= 4.x do not require this step. Is this correct?
Thank you!
John DeSantis
Il giorno gio 20 mag 2021 alle ore 08:53 Rob Crittenden via
FreeIPA-users <freeipa-users(a)lists.fedorahosted.org> ha scritto:
>
> Florence Renaud via FreeIPA-users wrote:
>> Hi Ian,
>> with IPA 4.6.8 you just need to follow the 389ds doc.
>> The procedure was more complex in version < 3.2.2 because there were two
>> 389ds instances (one for the regular suffix and one for the Certificate
>> Server) and the password has to be manually synchronized between the 2,
>> and the replica installation was done using a different procedure (you
>> had to prepare a replica file containing passwords, private keys,
>> certificates and then transfer this file on the future replica).
>
> The PKCS#12 file of the CA root generated by IPA during installation is
> protected by the DM password.
>
> An updated file can be generated using PKCS12Export if desired.
>
> rob
>
>> HTH,
>> flo
>>
>> On Tue, May 18, 2021 at 7:41 PM Ian Pilcher via FreeIPA-users
>> <freeipa-users(a)lists.fedorahosted.org
>> <mailto:freeipa-users@lists.fedorahosted.org>> wrote:
>>
>> Maybe it's just me, but I still find the documentation on this subject
>> confusing. (This is probably because the docs seem to be telling me
>> that I don't need to do anything beyond the actual password change, and
>> I don't trust answers that seem too easy.)
>>
>> I running a single-node IPA 4.6.8 on RHEL 7. The actual password change
>> with ldapmodify[1] is simple enough. Am I reading the FreeIPA
>> documentation[2] correctly, that I don't need to perform any other
>> steps?
>>
>> Thanks!
>>
>> [1]
>>
https://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpas...
>> [2]
https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password
>>
>> --
>> ========================================================================
>> Ian Pilcher Sr. Principal Product Manager
>> +1 469 892-8704 Red Hat Cloud Platforms
>> ========================================================================
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
>> <mailto:freeipa-users@lists.fedorahosted.org>
>> To unsubscribe send an email to
>> freeipa-users-leave(a)lists.fedorahosted.org
>> <mailto:freeipa-users-leave@lists.fedorahosted.org>
>> Fedora Code of Conduct:
>>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>>
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
>> Do not reply to spam on the list, report it:
>>
https://pagure.io/fedora-infrastructure
>>
>>
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
>> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
>> Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
>>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure