Thanks for the example. I have Debian 9. Changing the example for my values.
ldapmodify -Y EXTERNAL -H ldapi:/// -f change.ldif
I get an error:
ldapmodify: wrong attributeType at line 10, entry "olcDatabase={0}config, cn=config"
If you don't mind, please tell me what I'm doing wrong.
On 20 Nov 2020, at 23:35, Quanah Gibson-Mount
<quanah(a)symas.com> wrote:
--On Friday, November 20, 2020 10:50 AM +0000 Клеусов Владимир Сергеевич
<Kleusov.Vladimir(a)wildberries.ru> wrote:
> Right ?
> Sorry for being so detailed...
You should be able to do all of the modifications necessary as two operations inside a
single LDIF file. Additionally, since you previously set olcMirrorMode to true,
there's no need to do it again.
As an aside, I would note that the hdb backend is deprecated and you are encouraged to
migrate to using the MDB backend instead. You've also not stated what release of
OpenLDAP you are using, but I'd strongly advise using no earlier than 2.4.54. It
generally appears you're on RHEL7 based on the changes you noted. If that's
correct, Symas offers free replacement packages that are up to date at:
<https://repo.symas.com/sofl/rhel7/>. The LTB project also offers current builds
for a variety of platforms at <https://ltb-project.org/download>.
Example LDIF file for doing the necessary changes:
cat > /tmp/change.ldif << EOF
dn: olcDatabase={0}config, cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass
-
replace: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldaps://ldap1.domain.com
  searchbase="cn=config"
  bindmethod=simple
  credentials=newpass
  binddn="cn=admin,cn=config"
  tls_reqcert=never
  type=refreshAndPersist
  retry="30 +"
  timeout=1
olcSyncRepl: rid=002
  provider=ldaps://ldap2.domain.com
  searchbase="cn=config"
  bindmethod=simple
  credentials=newpass
  binddn="cn=admin,cn=config"
  tls_reqcert=never
  type=refreshAndPersist
  retry="30 +"
  timeout=1

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass
-
replace: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldaps://ldap1.domain.com
  searchbase="dc=domain,dc=com"
  bindmethod=simple
  credentials=newpass
  binddn="cn=admin,dc=domain,dc=com"
  tls_reqcert=allow
  type=refreshAndPersist
  retry="30 +"
  timeout=1
olcSyncRepl: rid=002
  provider=ldaps://ldap2.domain.com
  searchbase="dc=domain,dc=com"
  bindmethod=simple
  credentials=newpass
  binddn="cn=admin,dc=domain,dc=com"
  tls_reqcert=allow
  type=refreshAndPersist
  retry="30 +"
  timeout=1
EOF
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
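
Added example (not part of the original thread, and not OpenLDAP code): a small Python pre-flight check for an LDIF modify file like the one above. It unfolds continuation lines per RFC 2849, checks that every value names the attribute from its replace: line and that records are separated by a blank line, and flags tls_reqcert=never/allow and a cleartext olcRootPW. The function names and the sample input are constructed for illustration.

```python
import re

# Constructed sample: rid=002 lost its fold indent; no blank line before the second dn:
SAMPLE = """\
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncRepl: rid=001 provider=ldaps://ldap1.example.com
  tls_reqcert=allow
olcSyncRepl: rid=002 provider=ldaps://ldap2.example.com
tls_reqcert=never
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass
"""

def unfold(text):  # RFC 2849: a line starting with a space continues the previous one
    logical = []
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.startswith(" ") and logical:
            logical[-1][1] += raw[1:]
        else:
            logical.append([no, raw])
    return logical

def lint(text):  # returns (line_no, message) findings for the modify records
    findings, in_record, expected = [], False, None
    for no, line in unfold(text):
        if re.search(r"tls_reqcert=(never|allow)\b", line):
            findings.append((no, "provider certificate is not enforced"))
        attr, sep, value = line.partition(":")
        name, value = attr.strip().lower(), value.strip()
        if not line.strip():
            in_record, expected = False, None  # blank line ends the record
        elif line.startswith("#") or name == "changetype":
            continue
        elif line == "-":
            expected = None  # end of one add/replace/delete block
        elif name == "dn":
            if in_record:
                findings.append((no, "new dn: without a blank separator line"))
            in_record, expected = True, None
        elif expected is None and name in ("add", "replace", "delete"):
            expected = value.lower()
        elif not sep or name != expected:
            findings.append((no, f"expected '{expected}:' value or a folded line"))
        elif name == "olcrootpw" and not value.startswith("{"):
            findings.append((no, "olcRootPW is stored in cleartext"))
    return findings
```

Run lint() on the file's contents before passing it to ldapmodify; an empty list means none of these checks fired.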