
Re: setting up admin password on openldap



Thank you so very much... That was it. There was another database defined at the end, which just said suffix="" (I am not sure what it meant); however, using slapcat I gave -b "" and then added it via slapadd, again giving -b="", and it worked, after hashing the rootpw defined in the first database.

On 11/2/07, Buchan Milne <bgmilne@staff.telkomsa.net> wrote:
On Thursday 01 November 2007 18:59:56 Naufal Sheikh wrote:
> Hello,
>
> Well, finally I have got something. I have one last question though,
> regarding the concept, Below is the excerpt from my new slapd.conf:
>
> backend bdb
>
> database monitor
>
> database        bdb
> suffix          "o=trac"
> rootdn          "cn=nsadmin,o=trac"
>
>
> rootpw  plain-text password.
>
> When I write cn=nsadmin,o=trac in userDN box in ldap browser and give the
> password given in the plain text in slapd.conf it connects to the ldap
> server using the credentials.
>
> While in my old slapd.conf file which I was using as a reference the rootpw
> line is hashed and in rootdn it is only "cn=nsadmin" as follows:
>
> backend bdb
>
> database monitor
>
> database        bdb
> suffix          "o=trac"
> rootdn          "cn=nsadmin"
>
>
> #rootpw  secret.
>
> Rest both the configuration files are same. But on the old server I can
> still connect the ldap server through ldap browser using UserDn cn=nsadmin
> and the password. My question is how is that happening?


The DN exists in the directory (under a different suffix/database?), and the
password is set on the DN, in which case (since rootpw is commented out), the
DN is authenticated against the in-directory password.

> I have not really
> grasped this idea.
>
> Also nsadmin exists as a user

entry in LDAP.

> and I can see that it has a hashed password
> on my original server,

In the directory

> while on my new server since (probably I did not
> use a hashed password in slapd.conf) it appears as the plain text.

But you can use an encrypted password, see the slappasswd command.

> If any
> one can please point me to the right section of the guide to understand or
> tell me in simple words!
>
> Thank you all for your help despite the vague questions and replies.


Regards,
Buchan
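
An added example, not part of the original thread and not OpenLDAP code: a small Python check for the two slapd.conf conditions discussed above, a cleartext rootpw and a rootdn that lies outside its database's suffix with rootpw absent. The config text is constructed from the quoted excerpts; the parser assumes one suffix per database and no continuation lines.

```python
import re
# Constructed samples modelled on the two excerpts quoted in the thread.
NEW_CONF = '''
database monitor
database bdb
suffix "o=trac"
rootdn "cn=nsadmin,o=trac"
rootpw changeme
'''
OLD_CONF = '''
database bdb
suffix "o=trac"
rootdn "cn=nsadmin"
#rootpw secret
'''

def parse_databases(text):
    """Collect suffix/rootdn/rootpw per 'database' section (no continuation lines)."""
    dbs = []
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or commented-out directive
        key = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "database":
            dbs.append({"suffix": ""})
        elif dbs and key in ("suffix", "rootdn", "rootpw"):
            dbs[-1][key] = value
    return dbs

def under(dn, suffix):
    """True if dn lies within suffix; the empty suffix contains every DN."""
    norm = lambda d: ",".join(p.strip() for p in d.lower().split(","))
    dn, suffix = norm(dn), norm(suffix)
    return suffix == "" or dn == suffix or dn.endswith("," + suffix)

def audit(text):
    """Return (suffix, finding) pairs for each database that defines a rootdn."""
    out = []
    for db in parse_databases(text):
        if "rootdn" not in db:
            continue
        scheme = re.match(r"\{([A-Za-z0-9-]+)\}", db.get("rootpw", ""))
        if not under(db["rootdn"], db["suffix"]):
            out.append((db["suffix"], "rootdn outside suffix"))
        if "rootpw" not in db:
            out.append((db["suffix"], "no rootpw: bind uses in-directory password"))
        elif not scheme or scheme.group(1).upper() == "CLEARTEXT":
            out.append((db["suffix"], "cleartext rootpw"))
    return out
```

A rootpw value produced by slappasswd starts with a scheme tag such as {SSHA} and passes the check.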