How to Change OpenLDAP RootDN Password
Here is an OpenLDAP quick tip to change the RootDN password via ldapmodify. This tip should work for most systems, but we used Ubuntu 10.04 and this guide for installing OpenLDAP.
The first thing you want to do is determine the DN (Distinguished Name) for the database that contains the RootDN password. To do this we used the following LDAP search command.
sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config olcRootDN=cn=admin,dc=adac-solutions,dc=net dn olcRootDN olcRootPW
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: olcDatabase={1}hdb,cn=config
olcRootDN: cn=admin,dc=adac-solutions,dc=net
olcRootPW: {MD5}G7ANWX3yX2TWqZo6iaTK6w==
The DN for our LDAP database is the dn: line above; it will be needed for the ldapmodify command. Before we run our ldapmodify command we’re going to use slappasswd to set up a hashed password. We chose MD5 for our password hashing. Use the following command to generate an MD5 password hash to be used in OpenLDAP.
slappasswd -h {MD5}
New password:
Re-enter new password:
{MD5}BNrIr+DKUBWHutZva1zlrQ==
The last line of output is the MD5 password hash you will need to paste into ldapmodify. The final step is to use ldapmodify to update the password.
sudo ldapmodify -Y EXTERNAL -H ldapi:///
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: olcDatabase={1}hdb,cn=config
replace: olcRootPW
olcRootPW: {MD5}BNrIr+DKUBWHutZva1zlrQ==
modifying entry "olcDatabase={1}hdb,cn=config"
The three lines above beginning with dn:, replace: and olcRootPW: must be typed by you; the rest is ldapmodify output. As you can see we used the DN we looked up earlier, dn: olcDatabase={1}hdb,cn=config; this tells ldapmodify which object we plan to modify. Next we enter replace: olcRootPW, which tells ldapmodify that we intend to replace the current value of the olcRootPW attribute of object olcDatabase={1}hdb,cn=config. Finally we update the value of olcRootPW with the password hash generated by slappasswd.
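As an added illustration (not code from the original post), here is a Python version of the hashing and LDIF steps: it reproduces slappasswd's {MD5} and {SSHA} encodings, checks a candidate password against an existing olcRootPW value such as the one ldapsearch returns (handy for confirming the change took effect), and builds the LDIF that ldapmodify reads. The function names and the sample password are assumptions; the database DN is the one from the page.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Hypothetical helper names (ldap_hash, ldap_verify, rootpw_ldif); not part of OpenLDAP.
# slappasswd encodings: {MD5} is base64(md5(pw)); {SSHA} is base64(sha1(pw+salt)+salt).
def ldap_hash(password: str, scheme: str = "SSHA", salt: Optional[bytes] = None) -> str:
    pw = password.encode("utf-8")
    scheme = scheme.upper()
    if scheme == "MD5":
        return "{MD5}" + base64.b64encode(hashlib.md5(pw).digest()).decode("ascii")
    if scheme == "SSHA":
        salt = os.urandom(4) if salt is None else salt  # slappasswd uses a 4-byte salt
        digest = hashlib.sha1(pw + salt).digest()
        return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")
    raise ValueError(f"unsupported scheme {scheme}")

def ldap_verify(password: str, stored: str) -> bool:
    """Check a candidate password against an existing {MD5}/{SSHA} value, such as the
    olcRootPW returned by ldapsearch, to confirm the modify stored what you intended."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("expected a {SCHEME}base64 value")
    scheme, b64 = stored[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme == "MD5":
        candidate = ldap_hash(password, "MD5")
    elif scheme == "SSHA":
        salt = base64.b64decode(b64)[20:]  # bytes after the 20-byte SHA-1 digest
        candidate = ldap_hash(password, "SSHA", salt)
    else:
        raise ValueError(f"unsupported scheme {scheme}")
    return hmac.compare_digest(candidate.encode("ascii"), stored.encode("ascii"))

def rootpw_ldif(db_dn: str, hashed: str) -> str:
    """LDIF for `ldapmodify -Y EXTERNAL -H ldapi:///`; changetype is written out here,
    while the session on the page relies on ldapmodify's default of modify."""
    return (f"dn: {db_dn}\n"
            "changetype: modify\n"
            "replace: olcRootPW\n"
            f"olcRootPW: {hashed}\n")

if __name__ == "__main__":
    # Constructed sample: the database DN from the page and a throwaway password.
    new_hash = ldap_hash("correct horse", "SSHA")
    print(rootpw_ldif("olcDatabase={1}hdb,cn=config", new_hash))
    print(ldap_verify("correct horse", new_hash))
```

Pipe the printed LDIF into ldapmodify instead of typing it, and run ldap_verify against the olcRootPW value a fresh ldapsearch returns to confirm the new hash is the one stored.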