Skip to content

OpenLDAP Quick Tips: Changing your rootdn password without slapd.conf

LinuxOpenLDAPOpen SourceSuretec Hi All,

Here's my second tip in the "OpenLDAP Quick Tips" series:

"You want to manage the rootdn users password using the same tools as you use for normal users in your OpenLDAP directory server":

You would normally set your rootpw in slapd.conf like so:

database bdb directory /usr/local/var/openldap-data suffix "dc=example,dc=com" rootdn "cn=admin,dc=example,dc=com" rootpw testing

If you leave out the rootpw line and add the rootdn user as a normal user with a userPassword attribute:

dn: cn=admin,dc=suretecsystems,dc=com objectClass: organizationalRole objectClass: simpleSecurityObject cn: admin description: rootdn user userPassword: {SSHA}my_encrypted_password_hash_using_slappasswd

This then means you can change the rootdn password with tools like ldappasswd etc.

Note: this example does not cover cn=config where you can change 99% of OpenLDAP settings and config on the fly. The equivalent rootdn entry in cn=config would look like:

olcRootDN: cn=admin,dc=example,dc=com olcRootPW: testing

you could use ldapmodify or similar to change above.

If you have an entry for our "OpenLDAP Quick Tips" series, why not e-mail your tip to us.


The Suretec Blog on : OpenLDAP Quick Tips: Creating encrypted passwords

Show preview
Hi All, Here's my 6th tip in the "OpenLDAP Quick Tips" series: "You want to encrypt the passwords the are stored in your directory server": Previously we covered slaptest, so the next one we will cover in the slap* set of command lines tools is s

The Suretec Blog on : OpenLDAP Quick Tips: Testing your Access Control Lists (ACLs)

Show preview
Hi All, Here's my 7th tip in the "OpenLDAP Quick Tips" series: "You want to check your Access Control Lists configured in your directory server": Previously we covered slaptest and slappasswd, so next is slapacl Let's take a standard ACL examp


Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
BBCode format allowed

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.

Pavatar, Gravatar, Favatar, MyBlogLog, Pavatar author images supported.
Form options