Re: Changing rootdn password while it's in the db (not in slapd.conf)?
m h wrote:
I'll answer my own question!
On 2/8/07, m h <email@example.com> wrote:
So, now back to my original issue. Updating the rootdn password.
When I try the following it fails:
ldappasswd -x -v -S -w secret -D cn=Manager,dc=example,dc=com
Re-enter new password:
ldap_initialize( <DEFAULT> )
Result: Insufficient access (50)
You silly person! You haven't set any ACLs! If you would have read
you would see how to create a group and set ACLs in the slapd.conf file.
More to the point, you should not have deleted your rootdn from slapd.conf,
only the rootpw. The rootdn directive is what tells slapd that a particular
DN should be treated as the administrator. If you don't need an administrator
identity, then you should of course delete the rootdn config. But if you *do*
need one (and for 99.99% of deployments, you need one) then you should keep
the rootdn defined.
The other possible answer to the original question - convert your slapd.conf
configurations to dynamic configurations, and use ldapModify on the olcRootPW
attributes in the cn=config database.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
Chief Architect, OpenLDAP http://www.openldap.org/project/
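
Added example, not part of the messages above and not OpenLDAP's own code: one way to carry out the cn=config approach from the shell, replacing olcRootPW with a hashed value. The database DN olcDatabase={1}bdb,cn=config, the function names, and access to cn=config through SASL EXTERNAL over ldapi:/// are assumptions; adjust them to the deployment.

```shell
#!/bin/sh
# Added example: rotate the rootdn password held in cn=config.
# Assumed, not from the thread: the database entry DN, the function
# names, and that local root may modify cn=config over ldapi:///.

# Print the LDIF that replaces olcRootPW on one database entry.
#   $1 = DN of the database entry under cn=config
#   $2 = password value already hashed, e.g. by slappasswd
rootpw_ldif() {
    db_dn=$1
    hash=$2
    nl='
'
    # A newline in either argument would inject extra LDIF lines.
    case $db_dn$hash in
        *"$nl"*) echo "rootpw_ldif: newline in argument" >&2; return 1 ;;
    esac
    # Refuse cleartext: slapd would accept it, but the password would
    # then be readable by anyone who can read the config database.
    case $hash in
        '{CLEARTEXT}'*) ok=0 ;;
        '{'[A-Z0-9]*'}'?*) ok=1 ;;
        *) ok=0 ;;
    esac
    if [ "$ok" -ne 1 ]; then
        echo "rootpw_ldif: value is not a {SCHEME} hash" >&2
        return 1
    fi
    printf 'dn: %s\nchangetype: modify\nreplace: olcRootPW\nolcRootPW: %s\n' \
        "$db_dn" "$hash"
}

# Hash a new password and apply it to the running server.
# Without -s, slappasswd prompts for the password, so it never
# appears in the process arguments or in shell history.
rotate_rootpw() {
    db_dn=$1
    hash=$(slappasswd -h '{SSHA}') || return 1
    rootpw_ldif "$db_dn" "$hash" | ldapmodify -Y EXTERNAL -H ldapi:///
}

# Usage: rotate_rootpw 'olcDatabase={1}bdb,cn=config'
```

The olcRootDN attribute on the same entry must still name the administrator DN, as the reply above points out for the rootdn directive.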