Score:0

FreeIPA Recover Admin PW as root user, "security library: bad database"


I am trying to recover the admin user password from my company's legacy FreeIPA server, per the instructions here: https://computingforgeeks.com/reset-freeipa-admin-password-as-root-user-on-linux/. At this point I am able to query the LDAP server successfully:

# ldapsearch -x -D "cn=directory manager" -w "NEW_PASSWORD" -s base -b "dc=example,dc=com" "objectclass=*" -h example.com
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope baseObject
# filter: objectclass=*
# requesting: ALL
#

# example.com
dn: dc=example,dc=com
associatedDomain: example.com
nisDomain: example.com
info: IPA V2.0
dc: example
objectClass: top
objectClass: domain
objectClass: pilotObject
objectClass: domainRelatedObject
objectClass: nisDomainObject

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

When I try ldappasswd to update the password, however:

# ldappasswd -ZZ -D 'cn=Directory Manager' -W  -S uid=admin,cn=users,cn=accounts,dc=example,dc=com -H ldap://example.com
New password:
Re-enter new password:
ldap_start_tls: Connect error (-11)
        additional info: TLS error -8174:security library: bad database.

The error leads me to believe something is wrong in /etc/openldap/certs, but I'm stumped as to what my next step should be. I'm not well versed in IPA and this has really thrown me for a loop.

mangohost
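As an added diagnostic, not part of the question or of FreeIPA's own tooling: NSS error -8174 is SEC_ERROR_BAD_DATABASE, which the NSS-built OpenLDAP client on RHEL-family systems raises when it cannot open the certificate database named by TLS_CACERTDIR in /etc/openldap/ldap.conf (the default there is /etc/openldap/certs, matching the directory the question suspects). The script below checks the things that produce that error before any network traffic is sent: that the setting exists, that the directory is readable and searchable by the user running ldappasswd, and that it actually holds NSS database files in either the legacy (cert8.db/key3.db) or SQLite (cert9.db/key4.db) format. The config path, the function names and the temporary sample database used in the test are assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the question): sanity-check what an NSS-built
# OpenLDAP client needs before STARTTLS can succeed. NSS -8174 is
# SEC_ERROR_BAD_DATABASE: the certificate database named by TLS_CACERTDIR
# could not be opened. Paths are assumptions taken from RHEL defaults.

# nss_db_kind DIR -> prints "dbm", "sql", "both" or "none";
# returns 1 when no complete NSS database is present
nss_db_kind() {
    dir=$1
    dbm=no; sql=no
    [ -f "$dir/cert8.db" ] && [ -f "$dir/key3.db" ] && dbm=yes
    [ -f "$dir/cert9.db" ] && [ -f "$dir/key4.db" ] && sql=yes
    case "$dbm$sql" in
        yesyes) echo both ;;
        yesno)  echo dbm ;;
        noyes)  echo sql ;;
        *)      echo none; return 1 ;;
    esac
    return 0
}

# ldap_tls_setting FILE KEY -> prints the value of KEY (e.g. TLS_CACERTDIR)
# from an ldap.conf-style file, skipping comment lines; empty if unset
ldap_tls_setting() {
    awk -v key="$2" '
        $1 !~ /^#/ && toupper($1) == key { print $2; exit }
    ' "$1"
}

# check_tls_db CONF -> 0 when the configured NSS database is usable,
# 1 otherwise; prints a one-line diagnosis either way
check_tls_db() {
    conf=$1
    dir=$(ldap_tls_setting "$conf" TLS_CACERTDIR)
    if [ -z "$dir" ]; then
        echo "no TLS_CACERTDIR in $conf"; return 1
    fi
    if [ ! -r "$dir" ] || [ ! -x "$dir" ]; then
        echo "$dir is not readable/searchable by $(id -un)"; return 1
    fi
    kind=$(nss_db_kind "$dir") || { echo "$dir: no NSS database files"; return 1; }
    echo "$dir: $kind-format NSS database present"
    return 0
}

# Usage: sh check_tls_db.sh /etc/openldap/ldap.conf (path is an assumption)
if [ -n "${1:-}" ]; then
    check_tls_db "$1"
fi
```

Once the database opens, the next thing to confirm is that it trusts the CA that signed the LDAP server's certificate; on an IPA system that CA is normally available as /etc/ipa/ca.crt, and certutil -L -d with the appropriate dbm: or sql: prefix lists what the database currently trusts.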

