ok...So I'm an ID10T!! LOL. But seriously, I set up an OpenLDAP server and migrated /etc/passwd to it, and all is well; however, I did that months ago, and you guessed it, somehow I'm having a "senior" moment, and can't remember the psw for the rootdn, so that I can add another user to the LDAP server. I'm sure there is probably a way to decode the "hashed/encrypted" password. Any help would be greatly appreciated. I really don't want to have to delete everything and start again, but if that's what I must do, then so be it.
Thanks in advance,
Steve Francis Technical Advisor - zSeries, zLinux, z/OS IHG Alpharetta Data Center Ph: 770-442-7157 Cell: 770-906-3122 IM: francisihg
On 04/06/10 14:06, Francis, Steve (IHG) wrote:
> ok...So I'm an ID10T!! LOL. But seriously, I set up an OpenLDAP server and migrated /etc/passwd to it, and all is well; however, I did that months ago, and you guessed it, somehow I'm having a "senior" moment, and can't remember the psw for the rootdn, so that I can add another user to the LDAP server. I'm sure there is probably a way to decode the "hashed/encrypted" password. Any help would be greatly appreciated. I really don't want to have to delete everything and start again, but if that's what I must do, then so be it.
> Thanks in advance,
> Steve Francis Technical Advisor - zSeries, zLinux, z/OS IHG Alpharetta Data Center Ph: 770-442-7157 Cell: 770-906-3122 IM: francisihg
Hey,
How about generating a new password with % slappasswd and changing it in the '/etc/openldap/slapd.conf' line with 'rootpw'? :)
Zdenek
On 06/04/2010 14:06, Francis, Steve (IHG) wrote:
> ok...So I'm an ID10T!! LOL. But seriously, I set up an OpenLDAP server and migrated /etc/passwd to it, and all is well; however, I did that months ago, and you guessed it, somehow I'm having a "senior" moment, and can't remember the psw for the rootdn, so that I can add another user to the LDAP server. I'm sure there is probably a way to decode the "hashed/encrypted" password. Any help would be greatly appreciated. I really don't want to have to delete everything and start again, but if that's what I must do, then so be it.
You can simply change the rootdn's password in the configuration file or configuration backend:
http://www.openldap.org/doc/admin24/slapdconfig.html#rootpw%20%3Cpassword%3E
Hope this helps Jonathan
On Tue, Apr 06, 2010 at 08:06:23AM -0400, Francis, Steve (IHG) wrote:
> ok...So I'm an ID10T!! LOL. But seriously, I set up an OpenLDAP server and migrated /etc/passwd to it, and all is well; however, I did that months ago, and you guessed it, somehow I'm having a "senior" moment, and can't remember the psw for the rootdn, so that I can add another user to the LDAP server. I'm sure there is probably a way to decode the "hashed/encrypted" password. Any help would be greatly appreciated. I really don't want to have to delete everything and start again, but if that's what I must do, then so be it.
There is no way to decrypt the hashed password short of doing a brute-force dictionary attack on it. That is the whole point of hashing it.
You do not need to delete the data. Just generate a new hashed password (use slappasswd) and put it into the slapd.conf file with a text editor. Restart slapd and all is well.
Andrew
Hello Steve,
I guess you could issue another LDAP master password with:
$ slappasswd
And substitute that hash in "rootpw" on /etc/openldap/slapd.conf and restart your LDAP server.
I think you are good to go that way.
Cheers, Sérgio
On 04/06/2010 01:06 PM, Francis, Steve (IHG) wrote:
> ok...So I'm an ID10T!! LOL. But seriously, I set up an OpenLDAP server and migrated /etc/passwd to it, and all is well; however, I did that months ago, and you guessed it, somehow I'm having a "senior" moment, and can't remember the psw for the rootdn, so that I can add another user to the LDAP server. I'm sure there is probably a way to decode the "hashed/encrypted" password. Any help would be greatly appreciated. I really don't want to have to delete everything and start again, but if that's what I must do, then so be it.
> Thanks in advance,
> *Steve Francis* *Technical Advisor - zSeries, zLinux, z/OS* IHG Alpharetta Data Center Ph: 770-442-7157 Cell: 770-906-3122 IM: francisihg
Thanks. All better now. LOL!
Steve Francis Technical Advisor - zSeries, zLinux, z/OS IHG Alpharetta Data Center Ph: 770-442-7157 Cell: 770-906-3122 IM: francisihg
________________________________
From: Sérgio Afonso [mailto:safonso@reit.up.pt]
Sent: Tuesday, April 06, 2010 9:30 AM
To: Francis, Steve (IHG)
Cc: openldap-technical@openldap.org
Subject: Re: forgotten rootdn psw
Hello Steve,
I guess you could issue another LDAP master password with:
$ slappasswd
And substitute that hash in "rootpw" on /etc/openldap/slapd.conf and restart your LDAP server.
I think you are good to go that way.
Cheers, Sérgio
On 04/06/2010 01:06 PM, Francis, Steve (IHG) wrote:
> ok...So I'm an ID10T!! LOL. But seriously, I set up an OpenLDAP server and migrated /etc/passwd to it, and all is well; however, I did that months ago, and you guessed it, somehow I'm having a "senior" moment, and can't remember the psw for the rootdn, so that I can add another user to the LDAP server. I'm sure there is probably a way to decode the "hashed/encrypted" password. Any help would be greatly appreciated. I really don't want to have to delete everything and start again, but if that's what I must do, then so be it.
> Thanks in advance,
> Steve Francis Technical Advisor - zSeries, zLinux, z/OS IHG Alpharetta Data Center Ph: 770-442-7157 Cell: 770-906-3122 IM: francisihg
If you're using slapd.conf then:
1. run slappasswd
2. replace the rootpw value in the slapd.conf file with the value given
3. restart slapd
If you're using slapd.d (cn=config):
1. run slappasswd
2. find the cn=config olcDatabase entry you wish to change the passwd for
3. update the value for olcRootPW with the one given in (1)
4. restart slapd
Adam
On Tue, Apr 6, 2010 at 8:06 AM, Francis, Steve (IHG) Steve.Francis@ihg.com wrote:
> ok...So I'm an ID10T!! LOL. But seriously, I set up an OpenLDAP server and migrated /etc/passwd to it, and all is well; however, I did that months ago, and you guessed it, somehow I'm having a "senior" moment, and can't remember the psw for the rootdn, so that I can add another user to the LDAP server. I'm sure there is probably a way to decode the "hashed/encrypted" password. Any help would be greatly appreciated. I really don't want to have to delete everything and start again, but if that's what I must do, then so be it.
> Thanks in advance,
> *Steve Francis* *Technical Advisor - zSeries, zLinux, z/OS* IHG Alpharetta Data Center Ph: 770-442-7157 Cell: 770-906-3122 IM: francisihg
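
Added example (not code from any poster in this thread): a Python illustration of what a {SSHA} value, slappasswd's default scheme, contains, showing that a candidate can only be re-hashed and compared, never decoded, together with the rootpw / olcRootPW replacement the replies describe. The 4-byte salt, the sample slapd.conf fragment, the passphrase and the entry DN are assumptions constructed for illustration; on a real server generate the value with slappasswd itself.

```python
import base64
import hashlib
import hmac
import os
import re

def make_ssha(password, salt=None):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt  # assumption: 4-byte salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password, stored):
    """Re-hash a candidate with the stored salt; the digest is never reversed."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not a {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # a SHA-1 digest is 20 bytes, the rest is salt
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

# Matches an active rootpw directive only; rootdn and commented lines are skipped.
ROOTPW_LINE = re.compile(r"^rootpw[ \t]+\S.*$", re.MULTILINE)

def replace_rootpw(conf_text, new_value):
    """Swap the rootpw value in slapd.conf text; refuse unless exactly one line matches."""
    new_text, count = ROOTPW_LINE.subn(lambda m: "rootpw\t\t" + new_value, conf_text)
    if count != 1:  # several databases may each carry their own rootpw
        raise ValueError(f"expected one rootpw line, found {count}")
    return new_text

def olc_rootpw_ldif(entry_dn, new_value):
    """LDIF change record for the cn=config case (olcRootPW)."""
    return (f"dn: {entry_dn}\nchangetype: modify\n"
            f"replace: olcRootPW\nolcRootPW: {new_value}\n")

# Constructed sample slapd.conf fragment (not from the thread).
SAMPLE_CONF = """database\tbdb
suffix\t\t"dc=example,dc=com"
rootdn\t\t"cn=Manager,dc=example,dc=com"
rootpw\t\t{SSHA}forgottenvalue
"""

if __name__ == "__main__":
    new_hash = make_ssha("constructed-new-passphrase")
    print(replace_rootpw(SAMPLE_CONF, new_hash))
    # Hypothetical entry DN; look up the real olcDatabase entry under cn=config.
    print(olc_rootpw_ldif("olcDatabase={1}bdb,cn=config", new_hash))
```

Because the salt is random, hashing the same passphrase twice gives two different rootpw values, and both verify.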