Trying to install a replica on Rocky 9? Does setting up the CA or KRA fail at
the "creating installation admin user" step?
[3/30]: creating ACIs for admin
[4/30]: creating installation admin user
Unable to log in as uid=admin-ipa2.$domain,ou=people,o=ipaca on ldap://ipa1.$domain:389
[hint] tune with replication_wait_timeout
[error] NotFound: uid=admin-ipa2.$domain,ou=people,o=ipaca did not replicate to ldap://ipa1.$domain:389
Seems like there is a problem with password setting/synchronisation.
KRA connector has already been defined for this CA
Has your KRA transport certificate rolled over since the original installation?
If yes, /etc/pki/pki-tomcat/ca/CS.cfg on the machine you are trying to sync from
might still have the old certificate in ca.connector.KRA.transportCert.
Since ipa-replica-install ... --setup-kra copies that file, it will try to add
itself with the wrong certificate, leading to the above error.
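
One way to check for the stale entry described above before running ipa-replica-install, as an added example (not code from these notes or from FreeIPA/Dogtag): it compares the certificate stored under ca.connector.KRA.transportCert with the current KRA transport certificate by SHA-256 fingerprint. It assumes the CS.cfg value is a single-line base64 DER blob and that you have exported the current transport certificate to PEM yourself; the helper names and all sample data are constructed.

```python
import base64
import hashlib

KEY = "ca.connector.KRA.transportCert"  # key named in the text above

def cs_cfg_value(cfg_text, key=KEY):
    """Return the value stored for key in CS.cfg text, or None if absent."""
    for line in cfg_text.splitlines():
        # Split on the first '=' only: base64 padding also contains '='.
        name, sep, value = line.partition("=")
        if sep and name.strip() == key:
            return value.strip()
    return None

def to_der(cert_text):
    """Decode PEM, or the bare base64 form assumed for CS.cfg, to DER bytes."""
    lines = (l.strip() for l in cert_text.splitlines())
    body = "".join(l for l in lines if l and not l.startswith("-----"))
    return base64.b64decode(body, validate=True)

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def connector_cert_is_current(cfg_text, current_cert_pem):
    """True if CS.cfg holds the current cert, False if stale, None if unset."""
    stored = cs_cfg_value(cfg_text)
    if stored is None:
        return None
    return fingerprint(to_der(stored)) == fingerprint(to_der(current_cert_pem))

def to_pem(der):
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

# Constructed stand-ins for DER certificates (not real certificates).
OLD_DER = b"constructed-old-transport-cert!!"
NEW_DER = b"constructed-new-transport-cert!!"
# Constructed CS.cfg excerpt that still carries the pre-rollover certificate.
SAMPLE_CFG = (
    "ca.connector.KRA.host=ipa1.example.test\n"
    "ca.connector.KRA.transportCert=" + base64.b64encode(OLD_DER).decode() + "\n"
)

if __name__ == "__main__":
    for label, der in (("old", OLD_DER), ("new", NEW_DER)):
        ok = connector_cert_is_current(SAMPLE_CFG, to_pem(der))
        print(f"current transport cert = {label}: connector entry up to date? {ok}")
```
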
Trying to debug some early boot failures? Passing systemd.debug-shell=1 to the
kernel command line? Running ip a to inspect network interfaces, and getting
no output? Try