OpenLDAP Quick Tips: Changing your rootdn password without slapd.conf




Here's my second tip in the "OpenLDAP Quick Tips" series:
"You want to manage the rootdn user's password using the same tools as you use for normal users in your OpenLDAP directory server":
You would normally set your rootpw in slapd.conf like so:
CODE:
database bdb
directory /usr/local/var/openldap-data
suffix "dc=example,dc=com"
rootdn "cn=admin,dc=example,dc=com"
rootpw testing
If you leave out the rootpw line and add the rootdn user as a normal user with a userPassword attribute:
CODE:
dn: cn=admin,dc=example,dc=com
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: admin
description: rootdn user
userPassword: {SSHA}my_encrypted_password_hash_using_slappasswd
This means you can then change the rootdn password with tools such as ldappasswd.
Note: this example does not cover cn=config, where you can change 99% of OpenLDAP settings and config on the fly. The equivalent rootdn entry in cn=config would look like:
CODE:
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: testing
You could use ldapmodify or similar to change the above.
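Both password changes described above as shell functions. This is an added example, not code from the original post. The function names, the database DN olcDatabase={1}bdb,cn=config, the ldapi:/// SASL EXTERNAL bind and StartTLS on ldap://localhost are assumptions about the deployment.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: the database lives at
# olcDatabase={1}bdb,cn=config, root on this host may bind with SASL EXTERNAL
# over ldapi:///, and the server offers StartTLS on ldap://localhost.
DB_DN='olcDatabase={1}bdb,cn=config'   # assumption; confirm with ldapsearch -b cn=config
ROOT_DN='cn=admin,dc=example,dc=com'   # rootdn from the post

# True only for a value with a {SCHEME} prefix other than {CLEARTEXT},
# i.e. slappasswd output rather than a plain password such as "testing".
is_hashed() {
    case "$1" in
        '{CLEARTEXT}'*|'{cleartext}'*) return 1 ;;
        '{'[A-Za-z0-9]*'}'?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the LDIF that replaces olcRootPW; refuse anything that is not hashed.
rootpw_ldif() {
    if ! is_hashed "$1"; then
        echo "refusing to write a cleartext olcRootPW" >&2
        return 1
    fi
    printf 'dn: %s\nchangetype: modify\nreplace: olcRootPW\nolcRootPW: %s\n' "$DB_DN" "$1"
}

# cn=config case: prompt for the new password, hash it, apply with ldapmodify.
set_config_rootpw() {
    hash=$(slappasswd -h '{SSHA}') || return 1
    ldif=$(rootpw_ldif "$hash") || return 1
    printf '%s\n' "$ldif" | ldapmodify -Q -Y EXTERNAL -H ldapi:///
}

# userPassword case: the rootdn entry changes its own password with ldappasswd.
# -ZZ requires StartTLS so neither password crosses the wire in the clear.
set_entry_rootpw() {
    ldappasswd -H ldap://localhost -ZZ -x -D "$ROOT_DN" -W -S "$ROOT_DN"
}

# Offline demonstration with a constructed (not real) hash value.
rootpw_ldif '{SSHA}c2FtcGxlLWNvbnN0cnVjdGVkLXZhbHVl'
```

Run set_config_rootpw as root on the directory server, or set_entry_rootpw from any client that can reach it.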
If you have an entry for our "OpenLDAP Quick Tips" series, why not e-mail your tip to us.