Admin password reset
# export LDAPTLS_CACERT=/etc/ipa/ca.crt
# ldappasswd -ZZ -D 'cn=directory manager' -W -S uid=admin,cn=users,cn=accounts,dc=example,dc=com -H ldap://ipa.example.com
New password:
Re-enter new password:
Enter LDAP Password:
Set password expiration
ipa user-mod test --setattr krbPasswordExpiration=20190226073247Z
Проверка правил hba
kinit admin
ipa hbactest --user=username --host=hostname --service=sshd
Заново инициировать репликацию
ipa-replica-manage re-initialize --from hostname
