
OpenLDAP Quick Tips: Changing your rootdn password without slapd.conf

Hi All,

Here's my second tip in the "OpenLDAP Quick Tips" series:

"You want to manage the rootdn user's password using the same tools as you use for normal users in your OpenLDAP directory server":

You would normally set your rootpw in slapd.conf like so:

CODE:
database bdb
directory /usr/local/var/openldap-data
suffix "dc=example,dc=com"
rootdn "cn=admin,dc=example,dc=com"
rootpw testing


If you leave out the rootpw line and add the rootdn user as a normal user with a userPassword attribute:

CODE:
# The DN must match the rootdn set in slapd.conf
dn: cn=admin,dc=example,dc=com
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: admin
description: rootdn user
userPassword: {SSHA}my_encrypted_password_hash_using_slappasswd


This then means you can change the rootdn password with tools like ldappasswd etc.

Note: this example does not cover cn=config where you can change 99% of OpenLDAP settings and config on the fly. The equivalent rootdn entry in cn=config would look like:

CODE:
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: testing


You could use ldapmodify or similar to change the above.


If you have an entry for our "OpenLDAP Quick Tips" series, why not e-mail your tip to us.
