Hi Howard! I had the feeling you would reply to my post :)
On Sat, Feb 4, 2012 at 9:41 PM, Howard Chu hyc@symas.com wrote:
Jose Ildefonso Camargo Tolosa wrote:
Hi,
On Sat, Feb 4, 2012 at 1:56 AM, Daniel Savard dsavard@cids.ca wrote:
I would like to know how to reset the rootpw in OpenLDAP 2.4?
Do I need to recreate the entire configuration database and the database itself, or is there a trick?
At the risk of being burned by the community, you could directly edit the slapd.d files (this is NOT recommended, but you could risk doing it in your case), this one in particular (shut down slapd before doing this):
If you don't know what you're doing, keep your grubby hands out of there. If you know what you're doing, you don't need us to tell you what to do.
You don't know what you're doing, neither does the OP.
Yes, I do know, and I have done that *several* times (without any problem, thus far). I know it is a risky area, because you have warned us several times, but I have not hit any issue yet...
You know, it would be really good if you gave us a way of seriously breaking the config by directly editing it (while keeping its format: maximum line length, no comments, ...). Last time you just used your "author right" to ask us to keep away from it, but never actually gave a reason for it... and experience has shown me that nothing wrong has happened (thus far). However, after your warning, I'm always careful while doing so, including: shutting down the service and backing up the directory before touching its files.
/etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif
And change that line:
olcRootPW:: e1NTSEF9b085TTcyaUNnK2lKUVp1d2s3SENvZHpEOHFBS2c5VCs=
Note this is base64 encoded, so you will need to generate it with slappasswd and then encode it to base64; there are some online encoders you could use.
The first thing I would have done would be slapcat -n0 to see what all of the existing rootpw's were. They would all be base64 encoded; decode them to see if any of them are plaintext. If so, then the problem is already solved - you have the password.
Passwords are hashed by default on most distros, unfortunately :( .
Also, I believe there are olcRootPW per-database (I don't remember seeing that on slapd.conf kind of configs, but I just saw it on the slapd.d right now):
Don't guess. RTFM. It's all stated there clearly.
Yeah, I should read the manual to find out and be sure, but this was a quickly written reply, so I had to state somehow that I'm not sure.
Thanks!
Ildefonso Camargo
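
Added example, not part of the original thread and not OpenLDAP's own code: a Python sketch of the two steps discussed above, building an {SSHA} value and base64-encoding it for the `olcRootPW::` line, plus decoding an existing line to see whether it holds plaintext or a hash. The function names, the sample password and the 4-byte salt are assumptions of this example; doing the encoding locally also avoids pasting a root password hash into an online encoder.

```python
import base64
import hashlib
import hmac
import os
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}(.+)$", re.S)


def make_ssha(password, salt=None):
    """Return '{SSHA}' + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt  # 4-byte salt: assumption
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def to_ldif_line(value, attr="olcRootPW"):
    """Encode a value in the base64 ('::') LDIF form used in the thread."""
    return attr + ":: " + base64.b64encode(value.encode()).decode()


def inspect_rootpw(line):
    """Decode one olcRootPW line; report whether it is plaintext or hashed."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):  # 'attr:: <base64>'
        value = base64.b64decode(rest[1:].strip()).decode()
    else:  # 'attr: <literal>'
        value = rest.strip()
    m = SCHEME_RE.match(value)
    info = {"value": value, "scheme": m.group(1).upper() if m else None,
            "plaintext": m is None}
    if info["scheme"] == "SSHA":
        # SHA-1 digest is 20 bytes; whatever follows is the salt.
        info["salt_len"] = len(base64.b64decode(m.group(2))) - 20
    return info


def verify_ssha(value, candidate):
    """Check a candidate password against an {SSHA} value in constant time."""
    blob = base64.b64decode(value[len("{SSHA}"):])
    digest, salt = blob[:20], blob[20:]
    expected = hashlib.sha1(candidate.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    new_value = make_ssha("constructed-example-password")  # constructed sample
    print(to_ldif_line(new_value))
    # The line quoted in the thread decodes to a hashed value, not plaintext.
    print(inspect_rootpw("olcRootPW:: e1NTSEF9b085TTcyaUNnK2lKUVp1d2s3SENvZHpEOHFBS2c5VCs="))
```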