
Re: Changing rootdn password while it's in the db (not in slapd.conf)?

m h wrote:
I'll answer my own question!

On 2/8/07, m h <sesquile@gmail.com> wrote:

So, now back to my original issue. Updating the rootdn password. When I try the following it fails::

  ldappasswd -x -v -S -w secret -D cn=Manager,dc=example,dc=com cn=Manager,dc=example,dc=com
  New password:
  Re-enter new password:
  ldap_initialize( <DEFAULT> )
  Result: Insufficient access (50)

You silly person! You haven't set any ACLs! If you had read here [1]
you would see how to create a group and set ACLs in the slapd.conf file.

More to the point, you should not have deleted your rootdn from slapd.conf, only the rootpw. The rootdn directive is what tells slapd that a particular DN should be treated as the administrator. If you don't need an administrator identity, then you should of course delete the rootdn config. But if you *do* need one (and for 99.99% of deployments, you need one) then you should keep the rootdn defined.

The other possible answer to the original question - convert your slapd.conf configurations to dynamic configurations, and use ldapmodify on the olcRootPW attributes in the cn=config database.

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  Chief Architect, OpenLDAP     http://www.openldap.org/project/
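
The cn=config route mentioned in the reply above, as an added example that is not part of the original thread: a small shell helper that builds the LDIF for replacing olcRootPW and refuses a value that is not already hashed. The database DN `olcDatabase={1}bdb,cn=config` and the bind as `cn=config` are assumptions; the index, backend and bind identity depend on the server.

```shell
#!/bin/sh
# Added example: build the LDIF that replaces olcRootPW on one cn=config
# database entry. Not code from the thread or from the OpenLDAP project.

# rootpw_ldif <database-dn> <hashed-password>
# Prints an LDIF modify record. A value that is not of the form {SCHEME}hash
# is refused, because olcRootPW would otherwise hold the password in cleartext.
rootpw_ldif() {
    db_dn=$1
    hash=$2
    case $hash in
        '{'[A-Za-z0-9]*'}'?*) ;;   # e.g. {SSHA}..., as printed by slappasswd
        *) echo "refusing non-hashed olcRootPW value" >&2; return 1 ;;
    esac
    printf 'dn: %s\nchangetype: modify\nreplace: olcRootPW\nolcRootPW: %s\n' \
        "$db_dn" "$hash"
}

# Typical use on the server (not run here; DN and bind identity are assumed):
#   hash=$(slappasswd -h '{SSHA}')     # prompts for the new password
#   rootpw_ldif 'olcDatabase={1}bdb,cn=config' "$hash" |
#       ldapmodify -x -D cn=config -W
```

Generating the hash with slappasswd keeps the new password out of the command line and out of the LDIF in cleartext form.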