Re: How do I reset rootdn password?

On Sun, Feb 5, 2012 at 1:47 PM, Emmanuel Lecharny <elecharny@gmail.com> wrote:
> On 2/5/12 6:58 PM, Jose Ildefonso Camargo Tolosa wrote:
>> Hi Howard!  I had the feeling you would reply to my post :)
>> On Sat, Feb 4, 2012 at 9:41 PM, Howard Chu <hyc@symas.com> wrote:
>>> Jose Ildefonso Camargo Tolosa wrote:
>>>> Hi,
>>>> On Sat, Feb 4, 2012 at 1:56 AM, Daniel Savard <dsavard@cids.ca> wrote:
>>>>> I would like to know how to reset the rootpw in OpenLDAP 2.4?
>>>>> Do I need to recreate the entire configuration database and the
>>>>> database itself, or is there a trick?
>>>> At the risk of being burned by the community, you could directly edit the
>>>> slapd.d files (this is NOT recommended, but you could risk doing it in
>>>> your case), this one in particular (shut down slapd before doing this):
>>> If you don't know what you're doing, keep your grubby hands out of there.
>>> If you know what you're doing, you don't need us to tell you what to do.
>>> You don't know what you're doing, neither does the OP.
>> Yes, I do know, and I have done that *several* times (without any
>> problem, thus far).  I know it is a risky area, because you have
>> warned us several times, but I have not hit any issue yet...
>> You know, it would be really good if you gave us a way of seriously
>> breaking the config by directly editing it (while keeping its format:
>> maximum line length, no comments, ...)  Last time you just used your
>> "author right" to ask us to keep away from it, but never actually gave a
>> reason for it... and experience has shown me that nothing wrong has
>> happened (thus far). However, after your warning, I'm always careful
>> while doing so, including: shutting down the service and backing up the
>> directory before touching its files.
> One very simple rationale behind this choice is that, when running an LDAP
> server on a 24x7 production env (i.e. no service shutdown is allowed), with
> replication between any servers, then simply modifying a file on a disk does
> not do the job.
> But I think Howard already explained that once, or maybe more than once...

Yeah, you are right, but if you *can* face the downtime: I can't see a
real problem (I actually love the feature that you don't have to
restart / shut down the server to edit/apply the config, and very
seldom directly edit, only when doing small changes on a
not-yet-in-production environment).  However, I have never seen a
single case where it has failed when you directly edit it (if you
have one: please share! I'm really curious about it). I know there is
the case of replicated configurations (where directly editing the
configs becomes more complex) ... also, you are right: it has been
discussed before A LOT of times... still, no use case where it fails
(maybe I missed something).... all that I know is that it *could*
eventually fail (and thus I think it is just one of these things to be
careful with).