You should be able to reset this by setting the pw in the replication manager entry in the cn=config of dse.ldif when the sevre is stopped, or you can use something like ldapmodify / ldapvi to reset the password.
As for excluding the pwpolicy, I'd need to double check the docs, I don't know everything :)
> On 3 Mar 2021, at 23:29, Chris Patterson <cpatter12@gmail.com> wrote:
>
> The replication was a multiple master between two RHEL 7.7 servers running 389 ds. It really looks like the replication manager password expired. I found in a RH DS manual that if a password expiration policy is in force to disable it on the replication manager. So what I need is a way to either reset the replication manager password, probably from the command line, or recreate it and recreate the replication agreement.
> I also had to reset the directory manager password so I could in turn reset the admin login on the 389 console gui.
>
> On Tue, Mar 2, 2021 at 5:21 PM William Brown <wbrown@suse.de> wrote:
>
>
> > On 3 Mar 2021, at 02:10, Chris Patterson <cpatter12@gmail.com> wrote:
> >
> > Using 389 DS and directory server replication is failing. I am getting:
> >
> > NSMMReplictionPlugin Unable to require replica for total update error 49 retrying
> >
> > NSMMReplicationPlugin bind_and_check_pwp Replication bind with SIMPLE auth failed LDAP error 19 (constraint violation) (Exceed password retry limit)
> >
> > This used to work until the 180 password time frame happened on this new-ish server.
> > I almost suspect it is the server wide password policy that has caused this
>
> Can you please provide more details about the replication agreements and the accounts you are using for authenticating these agreements?
>
>
> —
> Sincerely,
>
> William Brown
>
> Senior Software Engineer, 389 Directory Server
> SUSE Labs, Australia
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs, Australia
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
No comments:
Post a Comment