I enabled the retro changelog and discovered that it was no longer possible to change passwords. This is because the retro changelog adds a top-level "namingContexts" entry. ipa_kpasswd searches for namingContexts and takes the first one without checking that it is a dc= entry. It then can't find the user in that tree leading to issue #1655.
master: a797f90
ipa-2-1: 7879079
Metadata Update from @ssieb: - Issue assigned to jcholast - Issue set to the milestone: FreeIPA 2.1.1 (bug fixing)
Login to comment on this ticket.