Hi.
How do I change the admin password correctly without breaking replication? =)
Here is where the password was mentioned when replication was set up:
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: 123

and

dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncRepl: rid=001 provider=ldaps://ldap1.domain.com searchbase="cn=config" bindmethod=simple credentials=123 binddn="cn=admin,cn=config" tls_reqcert=never type=refreshAndPersist retry="30 +" timeout=1
olcSyncRepl: rid=002 provider=ldaps://ldap2.domain.com searchbase="cn=config" bindmethod=simple credentials=123 binddn="cn=admin,cn=config" tls_reqcert=never type=refreshAndPersist retry="30 +" timeout=1 tls_reqcert=never type=refreshAndPersist retry="5 5 300 5" timeout=1
-
replace: olcMirrorMode
olcMirrorMode: TRUE
--On Thursday, November 19, 2020 11:41 AM +0000 Клеусов Владимир Сергеевич Kleusov.Vladimir@wildberries.ru wrote:
Hi.
How do I change the admin password correctly without breaking replication? =)
Here is where the password was mentioned when replication was set up:
It appears you've set up cn=config replication. I would warn that replicating cn=config in OpenLDAP 2.4 has known issues and is not advised. Replicating an underlying binary db (such as a back-mdb database) is fine. In the latter case, best practice is to use a replication specific identity for doing the replication and not the rootdn.
As far as your overall question goes, you would want to:
a) update the olcRootPW value in cn=config
b) update the olcSyncrepl attribute values with the new password
Something like:
ldapmodify <options>
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: mynewpassword
-

dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncRepl: ....
olcSyncRepl: ....
I would note that these updates should not affect/break *existing* replication connections. I.e., there would be no effect until slapd is restarted.
Regards, Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
Thanks
It was also configured with:
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=domain,dc=com
-
replace: olcRootDN
olcRootDN: cn=admin,dc=domain,dc=com
-
replace: olcRootPW
olcRootPW: 123
-
replace: olcSyncRepl
olcSyncRepl: rid=001 provider=ldaps://ldap1.domain.com searchbase="dc=domain,dc=com" bindmethod=simple credentials=123 binddn="cn=admin,dc=domain,dc=com" tls_reqcert=allow type=refreshAndPersist retry="30 +" timeout=1
olcSyncRepl: rid=002 provider=ldaps://ldap2.domain.com searchbase="dc=domain,dc=com" bindmethod=simple credentials=123 binddn="cn=admin,dc=domain,dc=com" tls_reqcert=allow type=refreshAndPersist retry="30 +" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
Plan for changing the replication administrator password:
1) On the first server, for example ldap1.domain.com:
slappasswd -h {SSHA}
Enter a new password, such as newpass:
{SSHA}fx6qbwq5h4mzDAzD+ft5kA+b0uVA+29t
Create a newpasswd.ldif file (cat newpasswd.ldif):
dn: olcDatabase={1}hdb,cn=config
olcRootDN: cn=admin,dc=domain,dc=com
olcRootPW: {SSHA}fx6qbwq5h4mzDAzD+ft5kA+b0uVA+29t
Apply it:
ldapmodify -H ldapi:// -Y EXTERNAL -f newpasswd.ldif
Create a root.ldif file:
dn: olcDatabase={0}config, cn=config
changetype: modify
add: olcRootPW
olcRootPW: newpass
Run:
ldapmodify -H ldapi:// -Y EXTERNAL -f root.ldif
Create repl.ldif:
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncRepl: rid=001 provider=ldaps://ldap1.domain.com searchbase="cn=config" bindmethod=simple credentials=newpass binddn="cn=admin,cn=config" tls_reqcert=never type=refreshAndPersist retry="30 +" timeout=1
olcSyncRepl: rid=002 provider=ldaps://ldap2.domain.com searchbase="cn=config" bindmethod=simple credentials=newpass binddn="cn=admin,cn=config" tls_reqcert=never type=refreshAndPersist retry="30 +" timeout=1
-
replace: olcMirrorMode
olcMirrorMode: TRUE
Run:
ldapmodify -Y EXTERNAL -H ldapi:/// -f repl.ldif
Create dbrepl.ldif:
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=domain,dc=com
-
replace: olcRootDN
olcRootDN: cn=admin,dc=domain,dc=com
-
replace: olcRootPW
olcRootPW: newpass
-
replace: olcSyncRepl
olcSyncRepl: rid=001 provider=ldaps://ldap1.domain.com searchbase="dc=domain,dc=com" bindmethod=simple credentials=newpass binddn="cn=admin,dc=domain,dc=com" tls_reqcert=allow type=refreshAndPersist retry="30 +" timeout=1
olcSyncRepl: rid=002 provider=ldaps://ldap2.domain.com searchbase="dc=domain,dc=com" bindmethod=simple credentials=newpass binddn="cn=admin,dc=domain,dc=com" tls_reqcert=allow type=refreshAndPersist retry="30 +" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
service slapd restart
2) On the second server: service slapd restart
Right? Sorry for being so detailed...
On 20 Nov 2020, at 02:37, Quanah Gibson-Mount <quanah@symas.com> wrote:
--On Friday, November 20, 2020 10:50 AM +0000 Клеусов Владимир Сергеевич Kleusov.Vladimir@wildberries.ru wrote:
Right? Sorry for being so detailed...
You should be able to do all of the modifications necessary as two operations inside a single LDIF file. Additionally, since you previously set olcMirrorMode to true, there's no need to do it again.
As an aside, I would note that the hdb backend is deprecated and you are encouraged to migrate to using the MDB backend instead. You've also not stated what release of OpenLDAP you are using, but I'd strongly advise using no earlier than 2.4.54. It generally appears you're on RHEL7 based on the changes you noted. If that's correct, Symas offers free replacement packages that are up to date at: https://repo.symas.com/sofl/rhel7/. The LTB project also offers current builds for a variety of platforms at https://ltb-project.org/download.
Example LDIF file for doing the necessary changes:
cat > /tmp/change.ldif << EOF
dn: olcDatabase={0}config, cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass
-
replace: olcSyncRepl
olcSyncRepl: rid=001 provider=ldaps://ldap1.domain.com searchbase="cn=config" bindmethod=simple credentials=newpass binddn="cn=admin,cn=config" tls_reqcert=never type=refreshAndPersist retry="30 +" timeout=1
olcSyncRepl: rid=002 provider=ldaps://ldap2.domain.com searchbase="cn=config" bindmethod=simple credentials=newpass binddn="cn=admin,cn=config" tls_reqcert=never type=refreshAndPersist retry="30 +" timeout=1

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass
-
replace: olcSyncRepl
olcSyncRepl: rid=001 provider=ldaps://ldap1.domain.com searchbase="dc=domain,dc=com" bindmethod=simple credentials=newpass binddn="cn=admin,dc=domain,dc=com" tls_reqcert=allow type=refreshAndPersist retry="30 +" timeout=1
olcSyncRepl: rid=002 provider=ldaps://ldap2.domain.com searchbase="dc=domain,dc=com" bindmethod=simple credentials=newpass binddn="cn=admin,dc=domain,dc=com" tls_reqcert=allow type=refreshAndPersist retry="30 +" timeout=1
EOF
Regards, Quanah
Thanks for the example. I have Debian 9. After changing the example to my values and running
ldapmodify -Y EXTERNAL -H ldapi:/// -f change.ldif
I get an error:
ldapmodify: wrong attributeType at line 10, entry " olcDatabase={0}config, cn=config"
If you don't mind, please tell me what I'm doing wrong.
On 20 Nov 2020, at 23:35, Quanah Gibson-Mount <quanah@symas.com> wrote:
--On Thursday, November 26, 2020 2:08 PM +0000 Клеусов Владимир Сергеевич Kleusov.Vladimir@wildberries.ru wrote:
Thanks for the example. I have Debian 9. After changing the example to my values and running
ldapmodify -Y EXTERNAL -H ldapi:/// -f change.ldif
I get an error:
ldapmodify: wrong attributeType at line 10, entry " olcDatabase={0}config, cn=config"
It looks like there's an extra space in the dn?
" olcDatabase={0}config, cn=config"
Not sure if that's just a typo when pasting.
Also, I would note that if there are trailing spaces, for example if you have:
"replace: olcSyncrepl "
instead of:
"replace: olcSyncrepl"
You'll get a similar error message.
Regards, Quanah
Hi,
Thanks. I checked the extra spaces. To be honest, I didn't find any extra spaces. Here is the contents of my file:
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass!
-
replace: olcSyncRepl
olcSyncRepl: rid=001 provider=ldaps://ldap1.domain.com searchbase="cn=config" bindmethod=simple credentials=newpass! binddn="cn=admin,cn=config" tls_reqcert=never type=refreshAndPersist retry="30 +" timeout=1
olcSyncRepl: rid=002 provider=ldaps://ldap2.domain.com searchbase="cn=config" bindmethod=simple credentials=newpass! binddn="cn=admin,cn=config" tls_reqcert=never type=refreshAndPersist retry="30 +" timeout=1
olcSyncRepl: rid=003 provider=ldaps://ldap3.domain.com searchbase="cn=config" bindmethod=simple credentials=newpass! binddn="cn=admin,cn=config" tls_reqcert=allow type=refreshAndPersist retry="30 +" timeout=1
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass!
-
replace: olcSyncRepl
olcSyncRepl: rid=001 provider=ldaps://ldap1.domain.com searchbase="dc=domain,dc=com" bindmethod=simple credentials=newpass! binddn="cn=admin,dc=domain,dc=com" tls_reqcert=allow type=refreshAndPersist retry="30 +" timeout=1
olcSyncRepl: rid=002 provider=ldaps://ldap2.domain.com searchbase="dc=domain,dc=com" bindmethod=simple credentials=newpass! binddn="cn=admin,dc=domain,dc=com" tls_reqcert=allow type=refreshAndPersist retry="30 +" timeout=1
olcSyncRepl: rid=003 provider=ldaps://ldap3.domain.com searchbase="dc=domain,dc=com" bindmethod=simple credentials=newpass! binddn="cn=admin,dc=domain,dc=com" tls_reqcert=allow type=refreshAndPersist retry="30 +" timeout=1
Error:
ldapmodify: wrong attributeType at line 10, entry "olcDatabase={0}config,cn=config"
If I understand correctly, line 10 is bindmethod=simple.
Any help would be appreciated.
On 1 Dec 2020, at 23:56, Quanah Gibson-Mount <quanah@symas.com> wrote:
--On Wednesday, December 2, 2020 8:08 AM +0000 Клеусов Владимир Сергеевич Kleusov.Vladimir@wildberries.ru wrote:
Hi,
Thanks. I checked the extra spaces. To be honest, I didn't find any extra spaces. Here is the contents of my file:
You're missing a newline before the
dn: olcDatabase={1}mdb,cn=config
line. This is necessary to indicate that a new record is being dealt with. That would also be line 10 of the change modification, so the error is correct.
--Quanah
I added a new line. So the file is like this:
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass!
-
replace: olcSyncRepl
olcSyncRepl: rid=001 provider=ldaps://ldap1.domain.com searchbase="cn=config" bindmethod=simple credentials=newpass! binddn="cn=admin,cn=config" tls_reqcert=never type=refreshAndPersist retry="30 +" timeout=1
olcSyncRepl: rid=002 provider=ldaps://ldap2.domain.com searchbase="cn=config" bindmethod=simple credentials=newpass! binddn="cn=admin,cn=config" tls_reqcert=never type=refreshAndPersist retry="30 +" timeout=1
olcSyncRepl: rid=003 provider=ldaps://ldap3.domain.com searchbase="cn=config" bindmethod=simple credentials=newpass! binddn="cn=admin,cn=config" tls_reqcert=allow type=refreshAndPersist retry="30 +" timeout=1

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass!
-
replace: olcSyncRepl
olcSyncRepl: rid=001 provider=ldaps://ldap1.domain.com searchbase="dc=domain,dc=com" bindmethod=simple credentials=newpass! binddn="cn=admin,dc=domain,dc=com" tls_reqcert=allow type=refreshAndPersist retry="30 +" timeout=1
olcSyncRepl: rid=002 provider=ldaps://ldap2.domain.com searchbase="dc=domain,dc=com" bindmethod=simple credentials=newpass! binddn="cn=admin,dc=domain,dc=com" tls_reqcert=allow type=refreshAndPersist retry="30 +" timeout=1
olcSyncRepl: rid=003 provider=ldaps://ldap3.domain.com searchbase="dc=domain,dc=com" bindmethod=simple credentials=newpass! binddn="cn=admin,dc=domain,dc=com" tls_reqcert=allow type=refreshAndPersist retry="30 +" timeout=1
Error:
ldap_modify: Other (e.g., implementation specific) error (80)
additional info: Error: parse_syncrepl_line: unable to parse syncrepl id "001provider=ldaps://ldap1.domain.comsearchbase="cn=config"bindmethod=simplecredentials=newpass!binddn="cn=admin,cn=config"tls_reqcert=nevertype=refreshAndPersistretry="30 +Tim
If I run slapcat -b "cn=config" | egrep rid:
olcSyncrepl: {0}rid=001 provider=ldaps://ldap1.domain.com
olcSyncrepl: {1}rid=002 provider=ldaps://ldap2.domain.com
olcSyncrepl: {2}rid=003 provider=ldaps://ldap3.domain.com
olcSyncrepl: {0}rid=001 provider=ldaps://ldap1.domain.com
olcSyncrepl: {1}rid=002 provider=ldaps://ldap2.domain.com
olcSyncrepl: {2}rid=003 provider=ldaps://ldap3.domain.com
Theoretically, why is there a different indent before {0}rid=001 provider=ldap://ldap1.domain.com on different lines?
On 2 Dec 2020, at 23:11, Quanah Gibson-Mount <quanah@symas.com> wrote:
--On Thursday, December 3, 2020 8:26 AM +0000 Клеусов Владимир Сергеевич Kleusov.Vladimir@wildberries.ru wrote:
I added a new line. So the file is like this:
Your email does not show any new line. I would suggest sending a pastebin or similar link, since the text appears to be getting reformatted.
Regards, Quanah
Here's pastebin https://pastebin.com/ysM8ezVF
On 4 Dec 2020, at 00:14, Quanah Gibson-Mount <quanah@symas.com> wrote:
--On Friday, December 4, 2020 7:36 AM +0000 Клеусов Владимир Сергеевич Kleusov.Vladimir@wildberries.ru wrote:
Here's pastebin https://pastebin.com/ysM8ezVF
You seem to have stripped the leading spaces that mark a line continuation in LDIF for the olcSyncrepl attr values, which is why you're getting this error.
See https://paste.centos.org/view/c3982f6a
Regards, Quanah
With the file at https://pastebin.com/FP8P9ujN I get the error:
ldap_modify: Other (e.g., implementation specific) error (80)
additional info: Error: parse_syncrepl_line: unable to parse syncrepl id "001provider=ldaps://ldap1.domain.comsearchbase="cn=config"bindmethod=simplecredentials=newpass!binddn="cn=admin,cn=config"tls_reqcert=nevertype=refreshAndPersistretry="30 +tim
On 4 Dec 2020, at 19:38, Quanah Gibson-Mount <quanah@symas.com> wrote:
--On Monday, December 7, 2020 8:02 AM +0000 Клеусов Владимир Сергеевич Kleusov.Vladimir@wildberries.ru wrote:
I strongly advise reading up on LDIF format. You clearly have only a single space, when 2 spaces is required here.
Regards, Quanah
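The three mistakes diagnosed in this thread (whitespace after an attribute type, a missing blank line before the second dn:, and single-space continuation lines that glue the syncrepl keywords together) all follow from the LDIF line-folding rule in RFC 2849: a continuation line starts with exactly one space, the reader strips that space and inserts nothing, so a separating space has to be the second character in the file. The following Python script is an added example, not code from the thread or from OpenLDAP: it unfolds LDIF the way slapd's reader does, splits the records, and lints for those three problems. The LDIF samples in it are constructed from the placeholder names used in the thread.

```python
"""Added example (not from the thread or OpenLDAP): RFC 2849 line unfolding
plus a linter for the three LDIF mistakes discussed in this thread."""
import base64
import re


def unfold(text):
    """Join continuation lines as an LDIF reader does: a line beginning with a
    single space is appended to the previous logical line with that marker
    space removed and nothing else inserted."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    return logical


def parse_records(text):
    """Split unfolded lines into records (separated by blank lines).
    Each record is a list of (attribute, value) pairs; "-" separators are kept."""
    records, current = [], []
    for line in unfold(text):
        if line.strip() == "":
            if current:
                records.append(current)
                current = []
        elif line == "-":
            current.append(("-", ""))
        else:
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):                      # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip()).decode()
            else:
                value = rest.lstrip(" ")
            current.append((attr, value))
    if current:
        records.append(current)
    return records


SYNCREPL_KEYS = ("provider", "searchbase", "bindmethod", "credentials",
                 "binddn", "tls_reqcert", "type", "retry", "timeout")
# A syncrepl keyword directly preceded by a non-space means two folded
# lines were joined with no separator (single-space continuation).
GLUED = re.compile(r"\S(?:%s)=" % "|".join(SYNCREPL_KEYS))


def lint(text):
    """Return (record index, message) for each problem this thread ran into."""
    problems = []
    for i, record in enumerate(parse_records(text)):
        for pos, (attr, value) in enumerate(record):
            a = attr.lower()
            if a == "dn" and pos > 0:
                problems.append((i, "dn: inside a record: a blank line must precede each new dn"))
            if a in ("add", "replace", "delete") and value != value.strip():
                problems.append((i, "whitespace around attribute type %r (slapd: wrong attributeType)" % value))
            if a == "olcsyncrepl" and GLUED.search(value):
                problems.append((i, "syncrepl keywords run together: continuation lines need two leading spaces"))
    return problems


def syncrepl_values(text):
    """The unfolded olcSyncRepl values, i.e. what parse_syncrepl_line() would see."""
    return [v for record in parse_records(text) for a, v in record if a.lower() == "olcsyncrepl"]


# Constructed samples: a correct file and the three broken variants from the thread.
GOOD = """dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass
-
replace: olcSyncRepl
olcSyncRepl: rid=001 provider=ldaps://ldap1.domain.com
  searchbase="cn=config" bindmethod=simple credentials=newpass
  binddn="cn=admin,cn=config" type=refreshAndPersist retry="30 +" timeout=1
olcSyncRepl: rid=002 provider=ldaps://ldap2.domain.com
  searchbase="cn=config" bindmethod=simple credentials=newpass
  binddn="cn=admin,cn=config" type=refreshAndPersist retry="30 +" timeout=1
-

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass
-
"""
ONE_SPACE = GOOD.replace("\n  ", "\n ")                       # single-space continuation
NO_BLANK = GOOD.replace("\n\ndn:", "\ndn:")                   # missing record separator
TRAILING = GOOD.replace("replace: olcSyncRepl\n", "replace: olcSyncRepl \n")

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("ONE_SPACE", ONE_SPACE),
                         ("NO_BLANK", NO_BLANK), ("TRAILING", TRAILING)):
        print(name, lint(sample) or "ok")
    print(syncrepl_values(ONE_SPACE)[0][:60])
```

Running the script shows the ONE_SPACE sample unfolding to "rid=001 provider=ldaps://ldap1.domain.comsearchbase=...", which is exactly the string in the parse_syncrepl_line error above, and NO_BLANK collapsing into a single record in which the second dn: is read as an attribute type. The checks are deliberately limited to the configuration attributes named in this thread.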
Thanks.
Final version: https://pastebin.com/sKE4EL2U
I applied it and then rebooted all the LDAP servers.
But now I can use two admin passwords (old and new). Can I make only one password work? I check it like this:
ldapsearch -W -H ldaps://ldap1.domain.com:636 -x -D "cn=admin,dc=domain,dc=com" -b "dc=domain,dc=com" -s sub "(cn=*)"
On 7 Dec 2020, at 18:58, Quanah Gibson-Mount <quanah@symas.com> wrote:
--On Wednesday, December 9, 2020 10:27 AM +0000 Клеусов Владимир Сергеевич Kleusov.Vladimir@wildberries.ru wrote:
Thanks.
Final version https://pastebin.com/sKE4EL2U
I applied and then rebooted all the ldap servers
There should be no reason to reboot. If you wanted to force close existing replication connections, simply restart slapd.
But now I can use two admin passwords (old and new). Can I make only one password work? I check it like this:
ldapsearch -W -H ldaps://ldap1.domain.com:636 -x -D "cn=admin,dc=domain,dc=com" -b "dc=domain,dc=com" -s sub "(cn=*)"
This would indicate that in addition to the rootdn being defined in the slapd configuration, you also have an entry for it in the database. You'll need to update the password for the entry in the database as well. I would suggest using the ldappasswd client utility for that.
Regards, Quanah
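As an added example that is not part of the thread (and not Quanah's or the OpenLDAP project's code), the following Python script ties together the two technical points above. It hashes the new rootpw the way slappasswd -h {SSHA} does and verifies it, builds the single two-record change LDIF that Quanah suggested with the new credentials substituted into the existing olcSyncRepl values (each value kept on one line so no continuation folding is needed), and models why both the old and the new password keep working for the rootdn until the database entry is updated: slapd compares a simple bind to the rootdn against olcRootPW first and, when that does not match, falls through to the userPassword of the entry with the same DN. Host names, DNs and passwords are the placeholders used in the thread; the directory contents and the Slapd class are constructed for illustration.

```python
"""Added example (not from the thread, Quanah or OpenLDAP): SSHA hashing,
the two-record change LDIF, and a model of the rootdn's two credential sources."""
import base64
import hashlib
import hmac
import os
import re


def ssha_hash(password, salt=None):
    """{SSHA} = base64(SHA1(password || salt) || salt); slappasswd uses a 4-byte salt."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def ssha_verify(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)


CREDENTIALS = re.compile(r"credentials=\S+")


def rotate_credentials(values, new_password):
    """Rewrite credentials=... in each olcSyncRepl value.
    A password containing spaces or quotes would need quoting; the ones here do not."""
    return [CREDENTIALS.sub("credentials=" + new_password, v) for v in values]


def change_ldif(new_password, config_syncrepl, mdb_syncrepl):
    """The two-record modify LDIF from the thread: olcRootPW gets the hash,
    the syncrepl consumers get the cleartext they need to bind with."""
    rootpw = ssha_hash(new_password)
    lines = []
    for dn, values in (("olcDatabase={0}config,cn=config", config_syncrepl),
                       ("olcDatabase={1}mdb,cn=config", mdb_syncrepl)):
        lines += ["dn: " + dn, "changetype: modify",
                  "replace: olcRootPW", "olcRootPW: " + rootpw, "-",
                  "replace: olcSyncRepl"]
        lines += ["olcSyncRepl: " + v for v in rotate_credentials(values, new_password)]
        lines += ["-", ""]   # "-" closes the mod-spec, the blank line closes the record
    return "\n".join(lines)


class Slapd:
    """Just enough of slapd's simple-bind decision to show the two credential sources."""

    def __init__(self, rootdn, rootpw_hash, entries):
        self.rootdn = rootdn.lower()
        self.rootpw_hash = rootpw_hash
        self.entries = {dn.lower(): attrs for dn, attrs in entries.items()}

    def simple_bind(self, dn, password):
        """Return which source accepted the bind: 'rootpw', 'entry', or None."""
        dn = dn.lower()
        if dn == self.rootdn and ssha_verify(password, self.rootpw_hash):
            return "rootpw"      # olcRootPW from the slapd configuration matched
        entry = self.entries.get(dn)
        if entry and any(ssha_verify(password, h) for h in entry.get("userPassword", [])):
            return "entry"       # the backend bind matched the entry's userPassword
        return None

    def ldappasswd(self, dn, new_password):
        """Model of `ldappasswd -s <new> <dn>`: only the entry's userPassword changes."""
        self.entries[dn.lower()]["userPassword"] = [ssha_hash(new_password)]


# Constructed data mirroring the thread (placeholder hosts, DNs and passwords).
CONFIG_SYNCREPL = [
    'rid=001 provider=ldaps://ldap1.domain.com searchbase="cn=config" bindmethod=simple credentials=123 binddn="cn=admin,cn=config" tls_reqcert=never type=refreshAndPersist retry="30 +" timeout=1',
    'rid=002 provider=ldaps://ldap2.domain.com searchbase="cn=config" bindmethod=simple credentials=123 binddn="cn=admin,cn=config" tls_reqcert=never type=refreshAndPersist retry="30 +" timeout=1',
]
MDB_SYNCREPL = [
    'rid=001 provider=ldaps://ldap1.domain.com searchbase="dc=domain,dc=com" bindmethod=simple credentials=123 binddn="cn=admin,dc=domain,dc=com" tls_reqcert=allow type=refreshAndPersist retry="30 +" timeout=1',
    'rid=002 provider=ldaps://ldap2.domain.com searchbase="dc=domain,dc=com" bindmethod=simple credentials=123 binddn="cn=admin,dc=domain,dc=com" tls_reqcert=allow type=refreshAndPersist retry="30 +" timeout=1',
]
ROOTDN = "cn=admin,dc=domain,dc=com"


def scenario():
    """Bind results before and after fixing the entry's password: olcRootPW already
    rotated to newpass, the database entry for the rootdn still carrying 123."""
    server = Slapd(ROOTDN, ssha_hash("newpass"),
                   {ROOTDN: {"userPassword": [ssha_hash("123")]}})
    before = (server.simple_bind(ROOTDN, "123"), server.simple_bind(ROOTDN, "newpass"))
    server.ldappasswd(ROOTDN, "newpass")
    after = (server.simple_bind(ROOTDN, "123"), server.simple_bind(ROOTDN, "newpass"))
    return before, after


if __name__ == "__main__":
    print(change_ldif("newpass", CONFIG_SYNCREPL, MDB_SYNCREPL))
    print(scenario())   # (('entry', 'rootpw'), (None, 'rootpw'))
```

Two things the model makes visible from a defender's side: rotating olcRootPW alone leaves the old secret valid through the database entry, so a rotation is not complete until ldappasswd has updated that entry too; and credentials= in olcSyncRepl is stored in cleartext in cn=config, which is why Quanah's earlier advice to replicate with a dedicated, read-only replication identity rather than the rootdn matters.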