Recovering openLDAP rootdn

Andrew Heagle andrew-vUgxaBqSMS7QT0dZR+AlfA at public.gmane.org
Sun Dec 4 14:31:51 UTC 2011


On November 11, 2011 04:55:35 pm you wrote:
> Pals,
> 
> Is there a way one can over change openLDAP rootdn password without
> starting from scratch?  I have googled for hours and I seem not to be
> in luck today?
> 
> ldapadd -x -D "cn=admin,dc=example,dc=local" -W -f ppolicy.ldif
> SASL/DIGEST-MD5 authentication started
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
> 
> 
> ldapmodify -r -D 'cn=admin,dc=example,dc=local' -W <  ppolicy.ldif
> Enter LDAP Password:
> SASL/DIGEST-MD5 authentication started
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
> 
> 
> 
> william:~# sasldblistusers2
> admin at william: userPassword
> kvoort at william: userPassword
> user at william: userPassword
> 
> Just curious if there is someone out there who has had such an experience
> 
> Regards,
> 
> William


The password for the rootdn account is specified in the configuration 
itself; it's the rootpw option. Use slappasswd to generate a new hashed 
password. 

If you are using the slapd.conf file, just change the rootpw option and 
restart.

If you are using the slapd.d "configuration system", and you are sure your 
slapd.conf is up-to-date, you can change the rootpw option and run
slaptest -f slapd.conf -F slapd.d

If you have write access to your cn=config database via LDAP, then you can 
change the password in there. Look for the olcRootPW attribute.

Otherwise, you'll have to find the proper olcRootPW entry in your slapd.d 
configuration, e.g., slapd.d/cn=config/olcDatabase={1}hdb.ldif, and update the 
olcRootPW attribute with a Base64 encoded slappasswd password that you 
generated before. 


Hope it's not too late.


Andrew
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
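
The last option in the reply above (updating olcRootPW in the slapd.d file with a Base64 encoded slappasswd hash), as an added example that is not part of the original post. The function names, the sample file content and the sample hash are constructed for illustration; a real hash comes from slappasswd.

```shell
#!/bin/sh
# Added example: swap the olcRootPW value in a slapd.d database file.
# Run with slapd stopped and a backup of the file taken first.

# LDIF marks base64 values with "::"; encode the slappasswd hash that way.
encode_rootpw() { printf '%s' "$1" | base64 | tr -d '\n'; }

# set_rootpw HASH FILE: replace the existing olcRootPW attribute in FILE.
set_rootpw() {
    pwhash=$1; file=$2
    case $pwhash in
        '{'*'}'*) ;;  # slappasswd output carries a scheme prefix, e.g. {SSHA}
        *) echo "refusing to store an unhashed value" >&2; return 1 ;;
    esac
    grep -q '^olcRootPW:' "$file" || { echo "no olcRootPW in $file" >&2; return 1; }
    tmp=$(mktemp) || return 1          # mktemp creates the file with mode 0600
    awk -v new="olcRootPW:: $(encode_rootpw "$pwhash")" '
        /^olcRootPW:/ { print new; skip = 1; next }
        skip && /^ /  { next }         # drop folded continuation lines
        { skip = 0; print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back in place so the owner and mode slapd expects are kept.
    cat "$tmp" > "$file"; rc=$?
    rm -f "$tmp"; return $rc
}

# read_rootpw FILE: print the decoded olcRootPW value, unfolding if needed.
read_rootpw() {
    awk '/^olcRootPW:: / { v = $2; f = 1; next }
         f && /^ /       { v = v substr($0, 2); next }
         { f = 0 }
         END { printf "%s", v }' "$1" | base64 --decode
}

# Constructed sample of slapd.d/cn=config/olcDatabase={1}hdb.ldif.
write_sample() {
    cat > "$1" <<'EOF'
dn: olcDatabase={1}hdb
objectClass: olcHdbConfig
olcRootDN: cn=admin,dc=example,dc=local
olcRootPW:: b2xkLXZh
 bHVl
olcDbIndex: objectClass eq
EOF
}

# Constructed stand-in for slappasswd output (not a real password hash).
SAMPLE_HASH='{SSHA}Q09OU1RSVUNURUQtU0FNUExFLUhBU0gh'
f=$(mktemp); write_sample "$f"; set_rootpw "$SAMPLE_HASH" "$f" && read_rootpw "$f"; echo; rm -f "$f"
```

The helper refuses any value without a scheme prefix, so a cleartext password cannot end up in the configuration file by mistake.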




