Problem with LDAP resolver from second domain


#1

Hi all!
I have a problem with realms. Not so long ago I added an LDAP resolver from our second domain to some realms, and now I cannot enter: "Authentication failed. Found more than one object for Loginname"

The funny thing is that my admin account is in this resolver, and I can't fix it in the UI.

How can I create a new admin or fix it on the server?


#2

Take a look at the command line tool pi-manage as the root user.

You can use it to

  • create local admins
  • or deactivate policies if needed.

https://privacyidea.readthedocs.io/en/latest/installation/system/pimanage/index.html


#3

The problem was that the accounts with admin rights are in the policy, so even if I deactivate it, nothing will change, same as for a new local admin.

And what's more, with the pi-manage command you can't delete or modify a resolver or realm, and for me the p_export\p_import commands don't work. Maybe because we use 2.10.2.

The solution for me was a bug\unique behavior of the pi-manage command: when you create a realm with the exact same name as the old one, it just overwrites the previous one with the resolver that I point to in the command.


#4

Thanks for the feedback.

Actually it is “saving” a realm rather than “creating” it. It is the intended behaviour.