



Hi All,
Here's my second tip in the "OpenLDAP Quick Tips" series:
"You want to manage the rootdn user's password using the same tools as you use for normal users in your OpenLDAP directory server":
You would normally set your rootpw in slapd.conf like so:
CODE:
database bdb
directory /usr/local/var/openldap-data
suffix "dc=example,dc=com"
rootdn "cn=admin,dc=example,dc=com"
rootpw testing
If you leave out the rootpw line and add the rootdn user as a normal user with a userPassword attribute:
CODE:
dn: cn=admin,dc=example,dc=com
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: admin
description: rootdn user
userPassword: {SSHA}my_encrypted_password_hash_using_slappasswd
This then means you can change the rootdn password with tools like ldappasswd etc.
Note: this example does not cover cn=config, where you can change 99% of OpenLDAP settings and config on the fly. The equivalent rootdn entry in cn=config would look like:
CODE:
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: testing
You could use ldapmodify or similar to change the above.
If you have an entry for our "OpenLDAP Quick Tips" series, why not e-mail your tip to us.