[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: setting up admin password on openldap

Hello Piotr,

I tried to do what you said. Initially my root dn just contained cn=nsadmin, and thus I caould not start slapd. Then I added to rootdn my suffix as well, and unhashed the rootpw line in slapd.conf. I tried using a clear text "secret" as well as hashed value created through slappasswd and putting it in the slapd.conf. In both cases, when I modify the entry and it asks me to give ldap password, it says invalid credentials.

On 10/28/07, Piotr Wadas < pwadas@jewish.org.pl> wrote:

On Fri, 26 Oct 2007, Naufal Sheikh wrote:

> Hi,
> Can any one please give me a pointer on how to setup an admin password on
> ldap. my sladp.config file does not hold any password and the line is
> hashed. It gives an error about something needing to be in suffix. I am not
> sure what it is, but it is working fine on the production system from which
> I am trying to migrate.
> I have successfully installed openldap on my linux system and it never asked
> me for any password in the installation. Also I have imported the ldiff from
> the production system. It has an entry of admin but has no password, while
> on production system somehow the password is set.

Look into manpage for slapd.conf, and add rootdn and rootpw directives
into slapd.conf configuration file, after appropriate "database" keyword.
Then, bind to ldap in with these credentials, and, if you wish, add ldap
object, with DN accordingly to rootdn, set password attribute using any
ldap browser - finally, you can remove rootpw from slapd.conf, to make
authorization check against database-stored password only. AFAIR any root
dn you'll set in rootdn directive must stay "below" related database
suffix ("cn=Directory Manager,dc=foo" cannot be rootdn of database
available under dc=bar suffix - or any other than "dc=foo" - suffix).