
Re: setting up admin password on openldap



On Thursday 01 November 2007 18:59:56 Naufal Sheikh wrote:
> Hello,
>
> Well, finally I have got something. I have one last question though,
> regarding the concept. Below is the excerpt from my new slapd.conf:
>
> backend bdb
>
> database monitor
>
> database        bdb
> suffix          "o=trac"
> rootdn          "cn=nsadmin,o=trac"
>
>
> rootpw  plain-text password.
>
> When I write cn=nsadmin,o=trac in userDN box in ldap browser and give the
> password given in the plain text in slapd.conf it connects to the ldap
> server using the credentials.
>
> While in my old slapd.conf file which I was using as a reference the rootpw
> line is hashed and in rootdn it is only "cn=nsadmin" as follows:
>
> backend bdb
>
> database monitor
>
> database        bdb
> suffix          "o=trac"
> rootdn          "cn=nsadmin"
>
>
> #rootpw  secret.
>
> Otherwise both the configuration files are the same. But on the old server I can
> still connect the ldap server through ldap browser using UserDn cn=nsadmin
> and the password. My question is how is that happening?


The DN exists in the directory (under a different suffix/database?), and the 
password is set on the DN, in which case (since rootpw is commented out), the 
DN is authenticated against the in-directory password.

> I have not really 
> grasped this idea.
>
> Also nsadmin exists as a user

entry in LDAP.

> and I can see that it has a hashed password 
> on my original server,

In the directory

> while on my new server since (probably I did not
> use a hashed password in slapd.conf) it appears as the plain text.

But you can use an encrypted password, see the slappasswd command.

> If any 
> one can please point me to the right section of the guide to understand or
> tell me in simple words!
>
> Thank you all for your help despite the vague questions and replies.


Regards,
Buchan
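
An added example, not part of the original message: a small audit of slapd.conf text that reports, per database section, whether rootpw is cleartext, hashed, or absent (the case the reply describes, where the bind relies on the password stored on the entry), together with the {SSHA} construction that slappasswd produces by default. The function names and the sample configuration are constructed for illustration, and continuation lines in slapd.conf are not handled.

```python
import base64, hashlib, hmac, os, shlex

def ssha(password, salt=None):
    """{SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password, stored):
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]            # SHA-1 digest is 20 bytes
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def audit_rootpw(conf_text):
    """Return [(rootdn, finding)] for each database section that sets rootdn."""
    sections, current = [], None
    for line in conf_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                             # blank line or commented-out directive
        words = shlex.split(line)
        key = words[0].lower()
        if key == "database":
            current = {}
            sections.append(current)
        elif key in ("rootdn", "rootpw") and current is not None:
            current[key] = " ".join(words[1:])
    findings = []
    for sec in (s for s in sections if "rootdn" in s):
        pw = sec.get("rootpw")
        if pw is None:
            finding = "no rootpw: bind uses the password stored on the entry"
        elif pw.startswith("{") and "}" in pw and not pw.upper().startswith("{CLEARTEXT}"):
            finding = "hashed " + pw[:pw.index("}") + 1]
        else:
            finding = "cleartext rootpw: replace with slappasswd output"
        findings.append((sec["rootdn"], finding))
    return findings

# Constructed sample modelled on the two excerpts quoted in the thread.
SAMPLE = '''database bdb
rootdn "cn=nsadmin,o=trac"
rootpw example-cleartext
database bdb
rootdn "cn=nsadmin"
#rootpw secret
'''
```

Calling `audit_rootpw(SAMPLE)` flags the first section as cleartext and the second as having no rootpw; the string returned by `ssha()` is what would go after `rootpw` in place of the cleartext value.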