Changing rootdn password while it's in the db (not in slapd.conf)?
Hello-
Thanks to the help of Michael and others I was able to migrate my root
dn user from slapd.conf to the database. (BTW should I file a bug for
bad documentation on example from 7.1 from [1]?)
Here's how I did it (for the curious and benefit of future users/searchers)::
Add rootdn user to ldif (/tmp/entries.ldif)::
# Organization for Example Corporation
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: Example Corporation
description: The Example Corporation
# Organizational Role for Directory Manager
dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: Manager
description: Directory Manager
userPassword: secret
load it::
ldapadd -x -D "cn=Manager,dc=example,dc=com" -w secret -f /tmp/entries.ldif
stop ldap
comment out "rootdn" and "rootpw" from slapd.conf
start ldap
test user from db::
ldapwhoami -x -D "cn=Manager,dc=example,dc=com" -w secret
Yeah! It works!
So, now back to my original issue: updating the rootdn password.
When I try the following it fails::
ldappasswd -x -v -S -w secret -D cn=Manager,dc=example,dc=com
cn=Manager,dc=example,dc=com
New password:
Re-enter new password:
ldap_initialize( <DEFAULT> )
Result: Insufficient access (50)
I also have another user that I added and tried to update his password
and got the same error::
ldappasswd -x -v -S -w secret -D cn=Manager,dc=example,dc=com
cn=s2searchuser,ou=InternalPerson,cn=Manager,dc=example,dc=com
New password:
Re-enter new password:
ldap_initialize( <DEFAULT> )
Result: Insufficient access (50)
If I stop ldap, put rootdn/rootpw back in slapd, start ldap and re-run
the above, it works::
$ ldappasswd -x -v -S -w secret -D cn=Manager,dc=example,dc=com
cn=s2searchuser,ou=InternalPerson,cn=Manager,dc=example,dc=com
New password:
Re-enter new password:
ldap_initialize( <DEFAULT> )
Result: Success (0)
I'm sure I'm missing something that is probably obvious to the
seasoned veterans, but frustrating to a newbie like me. If anyone can
point me further in the right direction that'd be great.
thanks much
-matt
1 - http://www.openldap.org/doc/admin22/dbtools.html
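Added editorial example (not from the poster or the OpenLDAP project): a hypothetical slapd.conf database section showing the configuration described in the post beside the form in which the rootdn keeps its privileges while its password lives in the directory entry. Assumed values: the bdb backend, the directory path, and the hashed userPassword shown in the trailing comment.

```conf
# Only ONE of the two database sections below would appear in a real file;
# they are shown side by side for comparison.

# --- Variant A: rootdn AND rootpw commented out (the setup in the post) ---
# A simple bind as cn=Manager still succeeds, because slapd verifies it
# against the entry's userPassword, but the DN is now an ordinary entry
# subject to access control.  With no "access" directives the default
# policy is read-only for everyone, so any attempt to modify userPassword
# (its own or another entry's) is refused with "Insufficient access (50)".
database        bdb
suffix          "dc=example,dc=com"
directory       /var/lib/ldap
# rootdn        "cn=Manager,dc=example,dc=com"
# rootpw        secret

# --- Variant B: keep rootdn, omit only rootpw ---
# It is the rootdn directive that exempts the DN from access control;
# rootpw is optional.  When rootpw is absent and the rootdn entry exists in
# the database, a simple bind as the rootdn is checked against that entry's
# userPassword, so the password is managed in the directory while the
# unrestricted access is preserved.
database        bdb
suffix          "dc=example,dc=com"
directory       /var/lib/ldap
rootdn          "cn=Manager,dc=example,dc=com"
# rootpw intentionally omitted: slapd uses the entry's userPassword

# In either variant, store a hash in the entry rather than cleartext.
# Generate one with slappasswd and use it in the LDIF, e.g.:
#   userPassword: {SSHA}<hash produced by: slappasswd -s <password>>
```

With variant B the ldappasswd invocations quoted in the post run with rootdn privileges, and the password they change for cn=Manager is the one that is checked at the next bind.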