[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: How do I reset rootdn password?
Hi Howard! I had the feeling you would reply to my post :)
On Sat, Feb 4, 2012 at 9:41 PM, Howard Chu <hyc@symas.com> wrote:
> Jose Ildefonso Camargo Tolosa wrote:
>>
>> Hi,
>>
>> On Sat, Feb 4, 2012 at 1:56 AM, Daniel Savard<dsavard@cids.ca> wrote:
>>>
>>> I would like to know how to reset the rootpw in OpenLDAP 2.4?
>>>
>>> Do I need to recreate over the entire configuration database and the
>>> database itself or there is a trick?
>>
>>
>> Risking to be burned by the community, you could directly edit the
>> slapd.d files (this is NOT recommended, but you could risk doing it in
>> your case), this one in particular (shutdown slapd before doing this):
>
>
> If you don't know what you're doing, keep your grubby hands out of there. If
> you know what you're doing, you don't need us to tell you what to do.
>
> You don't know what you're doing, neither does the OP.
Yes, I do know, and I have done that *several* times (without any
problem, this far). I know it is a risky area, because you have
warned us several times, but I have not hit any issue yet...
you know, it would be really good if you give us a way of seriously
breaking the config by directly editing it (while keeping its format:
maximum line length, no comments, ...) Last time you just used your
"author right" to ask us to keep away of it, but never actually gave a
reason for it... and experience have shown me that nothing wrong has
happen (this far) however, after your warning, I'm always careful
while doing so, including: shutdown the service and backing up the
directory before touching its files.
>
>
>> /etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif
>>
>> And change that line:
>>
>> olcRootPW:: e1NTSEF9b085TTcyaUNnK2lKUVp1d2s3SENvZHpEOHFBS2c5VCs=
>>
>> Note this is bsae64 encoded, so, will need to generate it with
>> slappasswd and then encode it to base64, there are some online
>> encoders you could use.
>
>
> The first thing I would have done would be slapcat -n0 to see what all of
> the existing rootpw's were. They would all be base64 encoded; decode them to
> see if any of them are plaintext. If so, then the problem is already solved
> - you have the password.
Passwords are hashed by default on most distros, unfortunately :( .
>
>
>> Also, I believe there are olcRootPW per-database (I don't remember
>> seeing that on slapd.conf kind of configs, but I just saw it on the
>> slapd.d right now):
>
>
> Don't guess. RTFM. It's all stated there clearly.
yeah, I should read the manual to find out and be sure, but this was a
reply quickly written, so, I had to state somehow that I'm not sure.
Thanks!
Ildefonso Camargo