Reset cn=Directory Manager password

From Brandonhutchinson.com

Overview

I used the following procedure to reset a lost/forgotten cn=Directory Manager password on a Sun DSEE 6.3 LDAP server.

In this example, Sun DSEE 6.3 is installed in /opt/SUNWdsee with a directory server instance in /var/ds.

Procedure

  • Stop the directory server instance. (I don't know if the password can be changed on a running directory server.)
# dsadm stop /var/ds
  • Generate the SSHA password hash. Sun DSEE 6.3 does not include/create getpwenc, a shell script front-end to pwdhash, but it does include the pwdhash utility needed to generate SSHA hashes.
$ /opt/SUNWdsee/ds6/bin/pwdhash
usage: /opt/SUNWdsee/ds6/bin/pwdhash -D instance-dir [-H] [-s scheme | -c comparepwd ] password...
$ /opt/SUNWdsee/ds6/bin/pwdhash -D /var/ds -s SSHA password
{SSHA}sdhtz2s3JqaETqrkRxhWvrPTNCbec4o7y1o3OA==
  • Change the nsslapd-rootpw line in config/dse.ldif to use the SSHA hash generated above.
# vi /var/ds/config/dse.ldif
nsslapd-rootpw: {SSHA}sdhtz2s3JqaETqrkRxhWvrPTNCbec4o7y1o3OA==
  • Start the directory server instance.
# dsadm start /var/ds
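
Added example (not part of the original page and not Sun DSEE code): a Python sketch of what the {SSHA} value printed by pwdhash encodes, base64(SHA1(password + salt) + salt), with a check of a hash against the intended password and a replacement of the nsslapd-rootpw line that also handles a folded (continued) old value. The function names and the sample dse.ldif text are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample of a cn=config entry; the old hash is a dummy, folded value.
SAMPLE_DSE = """dn: cn=config
nsslapd-rootdn: cn=Directory Manager
nsslapd-rootpwstoragescheme: SSHA
nsslapd-rootpw: {SSHA}AAAAAAAAAAAAAAAAAAAA
 AAAAAAAAAAAAAAAAAAAA
nsslapd-port: 389
"""

def make_ssha(password, salt=None):
    """Return '{SSHA}' + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def split_ssha(value):
    """Return (digest, salt); raise ValueError on a malformed value."""
    if not value.upper().startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[6:], validate=True)
    if len(raw) <= 20:  # a SHA-1 digest is 20 bytes; the rest is the salt
        raise ValueError("no salt after the digest")
    return raw[:20], raw[20:]

def check_ssha(password, value):
    """Recompute the digest with the stored salt and compare in constant time."""
    digest, salt = split_ssha(value)
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def set_rootpw(ldif_text, new_value):
    """Replace nsslapd-rootpw, dropping folded continuation lines of the old value."""
    out, in_old_value, replaced = [], False, False
    for line in ldif_text.splitlines():
        if in_old_value and line.startswith(" "):
            continue  # continuation line of the value being replaced
        in_old_value = False
        if line.lower().startswith("nsslapd-rootpw:"):  # colon excludes ...storagescheme
            out.append("nsslapd-rootpw: " + new_value)
            in_old_value = replaced = True
        else:
            out.append(line)
    if not replaced:
        raise ValueError("nsslapd-rootpw not found")
    return "\n".join(out) + "\n"
```

Running check_ssha on the new hash before the server is started catches a mistyped password or a truncated paste while the instance is still stopped.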

Links

  • What are {SHA} and {SSHA} passwords and how do I generate them? http://www.openldap.org/faq/data/cache/347.html