Re: Changing rootdn password while it's in the db (not in slapd.conf)?

[Howard Chu <hyc@symas.com>]

m h wrote:
> I'll answer my own question!
>
> On 2/8/07, m h <sesquile@gmail.com> wrote:
> > So, now back to my original issue.  Updating the rootdn password.
> > When I try the following it fails::
> >  ldappasswd -x -v -S -w secret -D cn=Manager,dc=example,dc=com
> > cn=Manager,dc=example,dc=com
> > New password:
> > Re-enter new password:
> > ldap_initialize( <DEFAULT> )
> > Result: Insufficient access (50)
>
> You silly person!  You haven't set any ACLs!  If you would have read 
> here [1]
> you would see how to create a group and set acl's in the slapd.conf file.

More to the point, you should not have deleted your rootdn from slapd.conf, 
only the rootpw. The rootdn directive is what tells slapd that a particular 
DN should be treated as the administrator. If you don't need an administrator 
identity, then you should of course delete the rootdn config. But if you *do* 
need one (and for 99.99% of deployments, you need one) then you should keep 
the rootdn defined.

The other possible answer to the original question - convert your slapd.conf 
configurations to dynamic configurations, and use ldapModify on the olcRootPW 
attributes in the cn=config database.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  Chief Architect, OpenLDAP     http://www.openldap.org/project/