1. Log into the LDAP server as root, or have root privilege
2. Get the current RootDN information:
# RootDN account and the current RootDN password hash are available
# in "cn=config" configuration DIT
# ldapsearch -H ldapi:// -LLL -Q -Y EXTERNAL -b "cn=config" "(olcRootDN=*)" dn olcRootDN olcRootPW | tee ~/new_admin_passwd.ldif
# cat ~/new_admin_passwd.ldif
dn: olcDatabase={0}config,cn=config
olcRootDN: cn=admin,cn=config
olcRootPW: {SSHA}43214321fdasfdsafadsfdasfsafdsaf
dn: olcDatabase={1}hdb,cn=config
olcRootDN: cn=admin,dc=lixu,dc=ca
olcRootPW: {SSHA}ssHm0j9WZBssfdsafadsfdasfsafdsaf
3. From step 2, you should get the "HASH"ed RootDN password. If you have multiple values of "dn"s, delete the other "dn", "olcRootDN", "olcRootPW" and only keep the one you need to modify (In our case, dc=lixu,dc=ca). Now let's hasing a new one by using "slappasswd":
# /usr/sbin/slappasswd -h {SSHA} >> ~/new_admin_passwd.ldif
# cat ~/new_admin_passwd.ldif
dn: olcDatabase={1}hdb,cn=config
olcRootDN: cn=admin,dc=lixu,dc=ca
olcRootPW: {SSHA}ssHm0j9WZBssfdsafadsfdasfsafdsaf
{SSHA}lieJW/YlN5ps6Gn533tJuyY6iRtgSTQw
Now you have the newly generated password.
4. Now comment out the "olcRootDN" line matches the account you are trying to modify, and update the file to:
dn: olcDatabase={1}hdb,cn=config
#olcRootDN: cn=admin,dc=lixu,dc=ca
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}lieJW/YlN5ps6Gn533tJuyY6iRtgSTQw
5. Apply the change:
# ldapmodify -H ldapi:// -Y EXTERNAL -f ~/new_admin_passwd.ldif
The administrative password should be updated to the new one.
No comments:
Post a Comment