--On Thursday, November 19, 2020 11:41 AM +0000 Клеусов Владимир Сергеевич Kleusov.Vladimir@wildberries.ru wrote:
Hi.
How do I change the admin password correctly and not break replication ? =)
here when setting up replication the password was mentioned
It appears you've set up cn=config replication. I would warn that replicating cn=config in OpenLDAP 2.4 has known issues and is not advised. Replicating an underlying binary db (such as a back-mdb database) is fine. In the latter case, best practice is to use a replication specific identity for doing the replication and not the rootdn.
As far as your overall question goes, you would want to:
a) update the olcRootPW value in cn=config
b) update the olcSyncrepl attribute values with the new password
Something like:
ldapmodify <options>
dn: olcDatabase={0}config,cn=config changetype: modify replace: olcRootPW olcRootPW: mynewpassword - dn: olcDatabase={0}config,cn=config changetype: modify replace: olcSyncRepl olcSyncRepl: .... olcSyncRepl: ....
I would note that these updates should not affect/break *existing* replication connections. I.e., there would be no effect until slapd is restarted.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com