--On Friday, November 20, 2020 10:50 AM +0000 Клеусов Владимир Сергеевич <Kleusov.Vladimir(a)wildberries.ru> wrote:
Right ?
Sorry for being so detailed...
You should be able to do all of the modifications necessary as two
operations inside a single LDIF file. Additionally, since you previously
set olcMirrorMode to true, there's no need to do it again.
As an aside, I would note that the hdb backend is deprecated and you are
encouraged to migrate to using the MDB backend instead. You've also not
stated what release of OpenLDAP you are using, but I'd strongly advise
using no earlier than 2.4.54. It generally appears you're on RHEL7 based
on the changes you noted. If that's correct, Symas offers free replacement
packages that are up to date at: <https://repo.symas.com/sofl/rhel7/>. The
LTB project also offers current builds for a variety of platforms at
<https://ltb-project.org/download>.
Example LDIF file for doing the necessary changes:
cat > /tmp/change.ldif << EOF
# Record 1: the cn=config database
dn: olcDatabase={0}config, cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass
-
replace: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldaps://ldap1.domain.com
  searchbase="cn=config"
  bindmethod=simple
  credentials=newpass
  binddn="cn=admin,cn=config"
  tls_reqcert=never
  type=refreshAndPersist
  retry="30 +"
  timeout=1
olcSyncRepl: rid=002
  provider=ldaps://ldap2.domain.com
  searchbase="cn=config"
  bindmethod=simple
  credentials=newpass
  binddn="cn=admin,cn=config"
  tls_reqcert=never
  type=refreshAndPersist
  retry="30 +"
  timeout=1

# Record 2: the data database (a blank line separates LDIF records)
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass
-
replace: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldaps://ldap1.domain.com
  searchbase="dc=domain,dc=com"
  bindmethod=simple
  credentials=newpass
  binddn="cn=admin,dc=domain,dc=com"
  tls_reqcert=allow
  type=refreshAndPersist
  retry="30 +"
  timeout=1
olcSyncRepl: rid=002
  provider=ldaps://ldap2.domain.com
  searchbase="dc=domain,dc=com"
  bindmethod=simple
  credentials=newpass
  binddn="cn=admin,dc=domain,dc=com"
  tls_reqcert=allow
  type=refreshAndPersist
  retry="30 +"
  timeout=1
EOF
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
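
Added example (not part of the message above and not OpenLDAP project code): a small Python check that unfolds an LDIF shaped like the one in the message and flags a cleartext olcRootPW and syncrepl stanzas with tls_reqcert=never or allow. It goes one step beyond the message by also flagging a simple bind to an ldap:// provider without starttls=critical. The second record's ldap:// provider and the {SSHA} placeholder are constructed for illustration.

```python
import re
import shlex

# Constructed sample in the shape of the LDIF above (placeholder hash, assumed ldap:// case).
SAMPLE = """\
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass
-
replace: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldaps://ldap1.domain.com
  bindmethod=simple credentials=newpass
  tls_reqcert=never
  retry="30 +"

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}PLACEHOLDERHASH
-
replace: olcSyncRepl
olcSyncRepl: rid=002 provider=ldap://ldap2.domain.com
  bindmethod=simple credentials=newpass tls_reqcert=demand
"""

def audit(ldif):
    """Return (dn, finding) pairs for weak settings in a cn=config LDIF."""
    findings, dn = [], None
    # LDIF folding: a newline followed by one space continues the previous line.
    for line in re.sub(r"\n ", "", ldif).splitlines():
        attr, _, value = line.partition(": ")
        if attr == "dn":
            dn = value
        elif attr == "olcRootPW" and not value.startswith("{"):
            # No {SCHEME} prefix means the value is the password itself.
            findings.append((dn, "olcRootPW stored in cleartext"))
        elif attr == "olcSyncRepl":
            # shlex honours the quoting used in values such as retry="30 +"
            p = dict(t.partition("=")[::2] for t in shlex.split(value))
            if p.get("tls_reqcert") in ("never", "allow"):
                findings.append((dn, f"rid={p.get('rid')}: provider certificate not enforced"))
            if (p.get("bindmethod") == "simple" and p.get("starttls") != "critical"
                    and p.get("provider", "").startswith("ldap://")):
                findings.append((dn, f"rid={p.get('rid')}: simple bind without TLS"))
    return findings

if __name__ == "__main__":
    for dn, msg in audit(SAMPLE):
        print(f"{dn}: {msg}")
```
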