Re: How do I reset rootdn password?

Hi Howard!  I had the feeling you would reply to my post :)

On Sat, Feb 4, 2012 at 9:41 PM, Howard Chu <hyc@symas.com> wrote:
> Jose Ildefonso Camargo Tolosa wrote:
>>
>> Hi,
>>
>> On Sat, Feb 4, 2012 at 1:56 AM, Daniel Savard<dsavard@cids.ca>  wrote:
>>>
>>> I would like to know how to reset the rootpw in OpenLDAP 2.4?
>>>
>>> Do I need to recreate over the entire configuration database and the
>>> database itself or there is a trick?
>>
>>
>> Risking being burned by the community, you could directly edit the
>> slapd.d files (this is NOT recommended, but you could risk doing it in
>> your case), this one in particular (shutdown slapd before doing this):
>
>
> If you don't know what you're doing, keep your grubby hands out of there. If
> you know what you're doing, you don't need us to tell you what to do.
>
> You don't know what you're doing, neither does the OP.

Yes, I do know, and I have done that *several* times (without any
problem, this far).  I know it is a risky area, because you have
warned us several times, but I have not hit any issue yet...

You know, it would be really good if you gave us a way of seriously
breaking the config by directly editing it (while keeping its format:
maximum line length, no comments, ...).  Last time you just used your
"author right" to ask us to keep away from it, but never actually gave a
reason for it... and experience has shown me that nothing wrong has
happened (this far); however, after your warning, I'm always careful
while doing so, including: shutting down the service and backing up the
directory before touching its files.

>
>
>> /etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif
>>
>> And change that line:
>>
>> olcRootPW:: e1NTSEF9b085TTcyaUNnK2lKUVp1d2s3SENvZHpEOHFBS2c5VCs=
>>
>> Note this is base64 encoded, so you will need to generate it with
>> slappasswd and then encode it to base64, there are some online
>> encoders you could use.
>
>
> The first thing I would have done would be slapcat -n0 to see what all of
> the existing rootpw's were. They would all be base64 encoded; decode them to
> see if any of them are plaintext. If so, then the problem is already solved
> - you have the password.

Passwords are hashed by default on most distros, unfortunately :( .

>
>
>> Also, I believe there are olcRootPW per-database (I don't remember
>> seeing that on slapd.conf kind of configs, but I just saw it on the
>> slapd.d right now):
>
>
> Don't guess. RTFM. It's all stated there clearly.

Yeah, I should read the manual to find out and be sure, but this was a
reply quickly written, so, I had to state somehow that I'm not sure.

Thanks!

Ildefonso Camargo
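The two steps discussed in this thread (Howard's "slapcat -n0, decode the base64 rootpw's and see whether any is plaintext", and the olcRootPW:: line in olcDatabase={0}config.ldif) as an added Python example; this is not code from the thread or from OpenLDAP. The LDIF dump is constructed (the {SSHA} value is the one quoted above), LDIF continuation lines are assumed to begin with a single space as slapd writes them, and treating {CLEARTEXT} as plaintext is my own choice.

```python
import base64
import re

# Constructed slapcat -n0 style dump, not from a real system: entry 0 carries the
# {SSHA} value quoted in the thread, entry 1 a plaintext rootpw, entry 2 the same
# SSHA value folded over two lines (continuation lines start with one space).
SAMPLE_LDIF = """\
dn: olcDatabase={0}config,cn=config
olcRootPW:: e1NTSEF9b085TTcyaUNnK2lKUVp1d2s3SENvZHpEOHFBS2c5VCs=

dn: olcDatabase={1}hdb,cn=config
olcRootPW:: c2VjcmV0

dn: olcDatabase={2}hdb,cn=config
olcRootPW:: e1NTSEF9b085TTcyaUNnK2lKUVp1
 d2s3SENvZHpEOHFBS2c5VCs=
"""
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}")  # leading {SCHEME} of a userPassword-style value

def unfold(ldif_text):  # join LDIF continuation lines (leading space) onto the previous line
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def classify(value):
    """Name the {SCHEME}; an unprefixed or {CLEARTEXT} value is reported as PLAINTEXT."""
    m = SCHEME_RE.match(value)
    if not m or m.group(1).upper() == "CLEARTEXT":
        return "PLAINTEXT"
    return m.group(1).upper()

def rootpw_values(ldif_text):
    """[(dn, decoded olcRootPW, scheme)] for every entry in the dump that has a rootpw."""
    found, dn = [], None
    for line in unfold(ldif_text):
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("olcRootPW:: "):  # '::' marks a base64-encoded value
            value = base64.b64decode(line[12:]).decode()
            found.append((dn, value, classify(value)))
        elif line.startswith("olcRootPW: "):  # single ':' means the value is literal
            found.append((dn, line[11:], classify(line[11:])))
    return found

def rootpw_line(hashed):  # LDIF line for a slappasswd output string, base64 as slapd stores it
    return "olcRootPW:: " + base64.b64encode(hashed.encode()).decode()
```

Run `rootpw_values(SAMPLE_LDIF)` to see one (dn, value, scheme) triple per database; `rootpw_line(...)` gives the line to put in the config file once you have a slappasswd hash.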