Recovering openLDAP rootdn
Andrew Heagle
andrew-vUgxaBqSMS7QT0dZR+AlfA at public.gmane.org
Sun Dec 4 14:31:51 UTC 2011
On November 11, 2011 04:55:35 pm you wrote:
> Pals,
>
> Is there a way one can over change openLDAP rootdn password without
> starting from scratch? I have googled for hours and I seem not to be
> in luck today?
>
> ldapadd -x -D "cn=admin,dc=example,dc=local" -W -f ppolicy.ldif
> SASL/DIGEST-MD5 authentication started
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>
>
> ldapmodify -r -D 'cn=admin,dc=example,dc=local' -W < ppolicy.ldif
> Enter LDAP Password:
> SASL/DIGEST-MD5 authentication started
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>
>
>
> william:~# sasldblistusers2
> admin@william: userPassword
> kvoort@william: userPassword
> user@william: userPassword
>
> Just curious if there is someone out there who has had such an experience
>
> Regards,
>
> William
The password for the rootdn account is specified in the configuration
itself; it's the rootpw option. Use slappasswd to generate a new hashed
password.

If you are using the slapd.conf file, just change the rootpw option and
restart.

If you are using the slapd.d "configuration system", and you are sure your
slapd.config is up-to-date, you can change the rootpw option and run
slaptest -f slapd.conf -F slapd.d

If you have write access to your cn=config database via LDAP, then you can
change the password in there. Look for the olcRootPW attribute.

Otherwise, you'll have to find the proper olcRootPW entry in your slapd.d
configuration, e.g., slapd.d/cn=config/olcDatabase={1}hdb.ldif, and update the
olcRootPW attribute with a Base64 encoded slappasswd password that you
generated before.

Hope it's not too late.

Andrew
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
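
The last step in the reply above, writing a Base64-encoded slappasswd value into olcRootPW, shown as an added Python example (not part of the original message). It assumes the {SSHA} scheme with a 4-byte salt; the function names and the sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"


def ssha_hash(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, hashed):
    """Check a candidate password against an {SSHA} value."""
    if not hashed.startswith(SCHEME):
        return False
    raw = base64.b64decode(hashed[len(SCHEME):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def olc_rootpw_line(hashed):
    """LDIF line for slapd.d files; '::' marks the value as Base64."""
    encoded = base64.b64encode(hashed.encode("ascii")).decode("ascii")
    return "olcRootPW:: " + encoded


def decode_olc_rootpw_line(line):
    """Recover the {SSHA} string from an 'olcRootPW:: <base64>' line."""
    name, sep, value = line.partition(":: ")
    if name != "olcRootPW" or not sep:
        raise ValueError("not a Base64-encoded olcRootPW line")
    return base64.b64decode(value).decode("ascii")


if __name__ == "__main__":
    new_hash = ssha_hash("constructed-sample-password")
    line = olc_rootpw_line(new_hash)
    print(new_hash)
    print(line)
    # Confirm the line decodes back to a hash that accepts the new password
    print(ssha_verify("constructed-sample-password", decode_olc_rootpw_line(line)))
```

Decoding the existing olcRootPW line the same way before replacing it confirms which database entry and hash scheme are being edited.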