FreeIPA, dogtag, Rocky 9 and ipa-replica-install

Trying to install a replica on Rocky 9 and failing while setting up the CA or the KRA, at the "creating installation admin user" step?

[3/30]: creating ACIs for admin
[4/30]: creating installation admin user
Unable to log in as uid=admin-ipa2.$domain,ou=people,o=ipaca on ldap://ipa1.$domain:389
[hint] tune with replication_wait_timeout
[error] NotFound: uid=admin-ipa2.$domain,ou=people,o=ipaca did not replicate to ldap://ipa1.$domain:389

This looks like a problem with setting or synchronising the installation admin user's password: the replica generates a random password for the user it creates, then cannot log in with it against the existing server (ipa1), and the installer reports the entry as not replicated.

On the new replica, patch dogtaginstance.py so the generated password gets written to the install log:

--- dogtaginstance.py   2024-09-18 13:07:59.800133397 +0000
+++ /usr/lib/python3.9/site-packages/ipaserver/install/dogtaginstance.py        2024-09-18 13:08:24.763219686 +0000
@@ -676,6 +676,7 @@

         # add user
         password = ipautil.ipa_generate_password()
+        logger.debug( "FOOBAR " + password )
         entry = api.Backend.ldap2.make_entry(
             dn,
             objectclass=[
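
Review bot: the added line writes a freshly generated credential in clear text to the install log at debug level, which is exactly what the workaround needs but also means it must be reverted and the log file cleaned up or kept root-only once the replica is up; it must never be left in place or sent upstream. Two smaller points: prefer the lazy logging form `logger.debug("FOOBAR %s", password)` over `"FOOBAR " + password` (and drop the spaces inside the parentheses); and since the `+++` target is the installed module under /usr/lib/python3.9/site-packages, the next ipa-server package update will overwrite the edit, so this is a one-shot diagnostic rather than a fix.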

Start ipa-replica-install

Watch /var/log/ipareplica-install.log for the FOOBAR line.

On the existing server (ipa1 in the error above), set that password on the entry the installer could not log in as:

ldappasswd -D 'cn=Directory Manager' -W -S uid=admin-ipa2.$domain,ou=people,o=ipaca

The installer creates one such user for the CA and another for the KRA, so the log-watch and ldappasswd steps need to be done once for each.
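The procedure above, automated as a small POSIX sh script. This is an added example, not code from the original post or from FreeIPA. It assumes the FOOBAR debug line from the patch above, one line per subsystem in install order (CA first, then KRA), that the Directory Manager password sits in a root-only file named by DM_PW_FILE, and that openldap-clients (ldappasswd, ldapwhoami) is installed; the hostnames, DNs and the sample log lines are placeholders constructed for the example.

```shell
#!/bin/sh
# Added example (not part of the original post or of FreeIPA): pull the
# generated installation-admin password(s) out of ipareplica-install.log,
# set them on the existing server, and verify the bind the installer failed on.

LOG=${LOG:-/var/log/ipareplica-install.log}
EXISTING_SERVER=${EXISTING_SERVER:-ipa1.example.test}   # placeholder: the server in the NotFound error
DM_PW_FILE=${DM_PW_FILE:-/root/.dm_password}            # assumption: mode 0600, no trailing newline

# Print each logged password on its own line, in the order the installer
# generated them. Reads the file(s) given as arguments, or stdin when none.
extract_passwords() {
    sed -n 's/.*FOOBAR \([^[:space:]]\{1,\}\).*/\1/p' "$@"
}

# Write a secret to a root-only temp file and print its path, so secrets are
# handed to the ldap tools via -y/-T instead of on the command line, where
# ps(1) would show them.
secret_file() {
    f=$(mktemp) || return 1
    chmod 600 "$f" || { rm -f "$f"; return 1; }
    printf '%s' "$1" > "$f" || { rm -f "$f"; return 1; }
    printf '%s\n' "$f"
}

# Set the installation admin password on the existing server
# (ldappasswd -T reads the new password from a file, -y the bind password).
set_admin_password() {
    dn=$1; pw=$2
    f=$(secret_file "$pw") || return 1
    ldappasswd -H "ldap://$EXISTING_SERVER" -D 'cn=Directory Manager' \
        -y "$DM_PW_FILE" -T "$f" "$dn"
    rc=$?
    rm -f "$f"
    return $rc
}

# Re-run the bind ipa-replica-install failed on; non-zero means the installer
# would still stop at the same step.
verify_bind() {
    dn=$1; pw=$2
    f=$(secret_file "$pw") || return 1
    ldapwhoami -H "ldap://$EXISTING_SERVER" -D "$dn" -y "$f"
    rc=$?
    rm -f "$f"
    return $rc
}

# Pair the i-th logged password with the i-th DN given as an argument, set it
# and verify it. The loop runs in the current shell (here-doc, not a pipe) so
# shift/return behave as expected. Example:
#   apply_from_log 'uid=admin-ipa2.example.test,ou=people,o=ipaca' \
#                  'uid=<DN of the KRA installation admin>'
apply_from_log() {
    while IFS= read -r pw; do
        [ -n "$pw" ] || continue
        if [ $# -eq 0 ]; then
            echo "more FOOBAR lines in $LOG than DNs given" >&2
            return 1
        fi
        set_admin_password "$1" "$pw" || return 1
        verify_bind "$1" "$pw" || return 1
        shift
    done <<EOF
$(extract_passwords "$LOG")
EOF
}

# Constructed sample of what the patched installer writes (not real output),
# used to exercise extract_passwords offline.
sample_log() {
    printf '%s\n' \
        '2024-09-18T13:10:01Z DEBUG   [4/30]: creating installation admin user' \
        '2024-09-18T13:10:01Z DEBUG FOOBAR Qw3rTy8uIoP1aSdFgH2jKl' \
        '2024-09-18T13:12:40Z DEBUG   [4/22]: creating installation admin user' \
        '2024-09-18T13:12:40Z DEBUG FOOBAR zX9cVbNm4aSdFgH7jKlQw1'
}
```

Run it on the existing server, once the replica install has written the FOOBAR lines, as `apply_from_log <CA admin DN> <KRA admin DN>` with the DNs taken from the "Unable to log in as" errors. When the replica is up, revert the debug line in dogtaginstance.py and remove or tightly restrict the install log, since it now holds the plaintext passwords.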