
Changing rootdn password while it's in the db (not in slapd.conf)?



Hello-

Thanks to the help of Michael and others I was able to migrate my root
dn user from slapd.conf to the database.  (BTW should I file a bug for
bad documentation on example from 7.1 from [1]?)

Here's how I did it (for the curious, and for the benefit of future users/searchers):

Add rootdn user to ldif (/tmp/entries.ldif)::

 # Organization for Example Corporation
 dn: dc=example,dc=com
 objectClass: dcObject
 objectClass: organization
 dc: example
 o: Example Corporation
 description: The Example Corporation

 # Organizational Role for Directory Manager
 dn: cn=Manager,dc=example,dc=com
 objectClass: organizationalRole
 objectClass: simpleSecurityObject
 cn: Manager
 description: Directory Manager
 userPassword: secret


load it::

 ldapadd -x -D "cn=Manager,dc=example,dc=com" -w secret -f /tmp/entries.ldif

stop ldap

comment out "rootdn" and "rootpw" from slapd.conf

start ldap

test user from db::

 ldapwhoami -x -D "cn=Manager,dc=example,dc=com" -w secret

Yeah!  It works!

So, now back to my original issue.  Updating the rootdn password.
When I try the following it fails::

 ldappasswd -x -v -S -w secret -D cn=Manager,dc=example,dc=com
 cn=Manager,dc=example,dc=com
 New password:
 Re-enter new password:
 ldap_initialize( <DEFAULT> )
 Result: Insufficient access (50)

I also have another user that I added and tried to update his password
and got the same error::

 ldappasswd -x -v -S -w secret -D cn=Manager,dc=example,dc=com
 cn=s2searchuser,ou=InternalPerson,cn=Manager,dc=example,dc=com
 New password:
 Re-enter new password:
 ldap_initialize( <DEFAULT> )
 Result: Insufficient access (50)

If I stop ldap, put rootdn/rootpw back in slapd.conf, start ldap and re-run
the above, it works::

 $ ldappasswd -x -v -S -w secret -D cn=Manager,dc=example,dc=com
 cn=s2searchuser,ou=InternalPerson,cn=Manager,dc=example,dc=com
 New password:
 Re-enter new password:
 ldap_initialize( <DEFAULT> )
 Result: Success (0)

I'm sure I'm missing something that is probably obvious to the
seasoned veterans, but frustrating to a newbie like me.  If anyone can
point me further in the right direction that'd be great.

thanks much

-matt




1 - http://www.openldap.org/doc/admin22/dbtools.html
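The LDIF above stores ``userPassword: secret`` in cleartext, so the password sits unhashed in /tmp/entries.ldif and in the directory. The following is an added example, not code from the original post or from OpenLDAP: it produces ``{SSHA}`` values in the format slappasswd emits by default (base64 of SHA-1(password + salt) followed by the salt), verifies them, and rewrites an LDIF so every cleartext ``userPassword`` line is hashed before ldapadd loads it. The sample LDIF at the bottom is constructed from the Manager entry in the post.

```python
"""Hash userPassword values in an LDIF before loading it with ldapadd.

Added example, not from the original post. {SSHA} is the scheme slapd
understands natively, so a hashed value can be loaded exactly like the
cleartext one and simple binds keep working.
"""
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "{SSHA}"
DIGEST_LEN = 20  # SHA-1 digest size in bytes; everything after it is salt


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Return an {SSHA} userPassword value; salt defaults to 4 random bytes."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(stored: str, candidate: str) -> bool:
    """Verify candidate against a stored {SSHA} value (constant-time compare)."""
    if not stored.startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    if len(digest) != DIGEST_LEN:
        return False
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(expected, digest)


def hash_ldif_passwords(ldif: str) -> str:
    """Replace every cleartext 'userPassword: value' line with an {SSHA} hash.

    Values that already carry a scheme prefix ({SSHA}, {CRYPT}, ...) and
    base64-encoded 'userPassword::' lines are left untouched.
    """
    prefix = "userPassword: "
    out = []
    for line in ldif.splitlines():
        if line.startswith(prefix):
            value = line[len(prefix):]
            if not value.startswith("{"):
                line = prefix + make_ssha(value)
        out.append(line)
    return "\n".join(out) + "\n"


# Constructed sample: the Manager entry from the post, with its cleartext password.
SAMPLE_LDIF = """\
dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: Manager
description: Directory Manager
userPassword: secret
"""

if __name__ == "__main__":
    print(hash_ldif_passwords(SAMPLE_LDIF), end="")
```

Run it over the real entries file and feed the output to ldapadd instead of the original; the resulting entry binds with ``-w secret`` exactly as before, but a dump of the database or a leftover copy of the LDIF no longer reveals the password.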
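The ``Insufficient access (50)`` result is consistent with cn=Manager having become an ordinary entry: the rootdn is exempt from access control, but once ``rootdn``/``rootpw`` are commented out, slapd evaluates its ``access`` directives for that DN like any other, and with no ``access`` directive at all the default policy is ``access to * by * read``, which allows no writes. The slapd.conf fragment below is an added example, not configuration from the original post; it assumes that default policy is what is in effect, and shows it beside a set of directives that lets the former rootdn entry administer passwords while keeping ``userPassword`` unreadable by others.

```conf
# Added example, not from the original post.
# Assumption: no "access to" directive exists, so slapd behaves as if the
# following were configured. Reads work for everyone; every modify, including
# ldappasswd, is refused for non-rootdn binds.
#
#   access to *
#           by * read

# Corrected: grant the former rootdn entry write access, let each user change
# only their own password, allow binds to verify userPassword, and hide the
# attribute from everyone else. Order matters: slapd uses the first matching
# "access to" clause and the first matching "by" line within it.
access to attrs=userPassword
        by dn.exact="cn=Manager,dc=example,dc=com" write
        by self write
        by anonymous auth
        by * none

access to *
        by dn.exact="cn=Manager,dc=example,dc=com" write
        by * read
```

Place the directives in the ``database`` section that holds dc=example,dc=com (or globally, before any ``database`` line, to apply to all backends) and restart slapd; ``ldapwhoami`` still succeeds as before, and the earlier ``ldappasswd`` invocations should now return ``Success (0)`` without reinstating ``rootdn``. Note that this grants the Manager entry write access through ACLs only; privileges that are specific to the rootdn (for example bypassing size and time limits) are not restored by it.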