<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix"> Herb Burnswell wrote:<br>
    </div>
    <blockquote
cite="mid:CAOuzmw6-_=MVnty0DwXgF1xB+EkCKzwnwA=FqASUT3jWEURCgw@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <pre style="white-space:pre-wrap;color:rgb(0,0,0)">Noriko,</pre>
        <pre style="white-space:pre-wrap;color:rgb(0,0,0)">It did work, thank you for your help.  Replication is now working properly.</pre>
        <pre style="white-space:pre-wrap;color:rgb(0,0,0)">One question, I'm used to using cn=Directory Manager as well.  Is there any downside to using cn=Administrators for 'root' privileges?</pre>
      </div>
    </blockquote>
    I cannot think of anything wrong.  Please let us know if you run
    into any issues by using the account name.  It's fully supported.<br>
    Thanks,<br>
    --noriko<br>
    <blockquote
cite="mid:CAOuzmw6-_=MVnty0DwXgF1xB+EkCKzwnwA=FqASUT3jWEURCgw@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <pre style="white-space:pre-wrap;color:rgb(0,0,0)">Thanks,</pre>
        <pre style="white-space:pre-wrap;color:rgb(0,0,0)">Herb</pre>
        <pre style="white-space:pre-wrap;color:rgb(0,0,0)">
</pre>
        <pre style="white-space:pre-wrap;color:rgb(0,0,0)">
</pre>
        <pre style="white-space:pre-wrap;color:rgb(0,0,0)">Ok. Then, did these work for you?

$ ldapsearch -x -D "cn=Administrators" -w &lt;pw&gt; -s base -b "" "objectclass=*"

$ ldapmodify -x-D "cn=Administrators" -w &lt;pw&gt;&lt;&lt; EOF
dn: cn=replication Manager,cn=config
changetype: modify
replace: userPassword
userPassword: &lt;new_password&gt;
EOF</pre>
      </div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On Wed, Apr 2, 2014 at 4:31 PM, Herb
          Burnswell <span dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:herbert.burnswell@gmail.com" target="_blank">herbert.burnswell@gmail.com</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">
              <pre style="white-space:pre-wrap">Noriko,</pre>
              <pre style="white-space:pre-wrap">
</pre>
              <pre style="white-space:pre-wrap">I receive:</pre>
              <pre style="white-space:pre-wrap">nsslapd_rootdn: cn=Administrators</pre>
            </div>
            <div class="HOEnZb">
              <div class="h5">
                <div class="gmail_extra"><br>
                  <br>
                  <div class="gmail_quote">On Wed, Apr 2, 2014 at 4:02
                    PM, Herb Burnswell <span dir="ltr">&lt;<a
                        moz-do-not-send="true"
                        href="mailto:herbert.burnswell@gmail.com"
                        target="_blank">herbert.burnswell@gmail.com</a>&gt;</span>
                    wrote:<br>
                    <blockquote class="gmail_quote" style="margin:0 0 0
                      .8ex;border-left:1px #ccc solid;padding-left:1ex">
                      <div dir="ltr">
                        <pre style="white-space:pre-wrap">Noriko,</pre>
                        <pre style="white-space:pre-wrap">Thank you for your response.  It looks like there's an issue with directory manager privilege.  When I attempt the command:</pre>
                        <pre><font color="#000000"><span style="white-space:pre-wrap">ldapsearch -x -D "cn=Directory Manager" -w &lt;pw&gt; -s base -b "" "objectclass=*"
</span></font></pre>
                        <pre><font color="#000000"><span style="white-space:pre-wrap">ldap_bind: No such object (32)



</span></font></pre>
                        <pre><font color="#000000"><span style="white-space:pre-wrap">
</span></font></pre>
                        <pre><font color="#000000"><span style="white-space:pre-wrap">How can I confirm directory manager user?</span></font></pre>
                        <pre style="white-space:pre-wrap">
</pre>
                        <pre style="white-space:pre-wrap">Thanks again for your help,</pre>
                        <pre style="white-space:pre-wrap">Herb</pre>
                        <pre style="white-space:pre-wrap">
</pre>
                        <pre style="white-space:pre-wrap">
</pre>
                        <pre style="white-space:pre-wrap">
</pre>
                        <pre style="white-space:pre-wrap">Hello,

This password is base64 encoded and folded at the ~80th column. (So, 
please do not remove the last '=')
userPassword:: 
e1NTSEF9dGljWTdhcTlFSVRoYmRrZHhYcWxWN2dLZnhSMVpFeEJWd0xOeEE9PQ==

If you decode it, it looks like this:

    {SSHA}ticY7aq9EIThbdkdxXqlV7gKfxR1ZExBVwLNxA==

It is SSHA hashed.

I think you have a directory manager privilege.  If so, you could reset 
the password by ldapmodify command?
ldapmodify ... &lt;&lt; EOF
dn: cn=replicationManager,cn=config
changetype: modify
replace: userPassword
userPassword: &lt;new_password&gt;
EOF

Herb Burnswell wrote:
&gt;<i> All,
</i><div><div>&gt;<i>
</i>&gt;<i> I am taking over a newly installed 389-ds environment:
</i>&gt;<i>
</i>&gt;<i> 389-admin-1.1.29-1.el6.x86_64
</i>&gt;<i> 389-admin-console-1.1.8-1.el6.noarch
</i>&gt;<i> 389-admin-console-doc-1.1.8-1.el6.noarch
</i>&gt;<i> 389-adminutil-1.1.15-1.el6.x86_64
</i>&gt;<i> 389-console-1.1.7-1.el6.noarch
</i>&gt;<i> 389-ds-1.2.2-1.el6.noarch
</i>&gt;<i> 389-ds-base-1.2.11.15-32.el6_5.x86_64
</i>&gt;<i> 389-ds-base-libs-1.2.11.15-32.el6_5.x86_64
</i>&gt;<i> 389-ds-console-1.2.6-1.el6.noarch
</i>&gt;<i> 389-ds-console-doc-1.2.6-1.el6.noarch
</i>&gt;<i> 389-dsgw-1.1.10-1.el6.x86_64
</i>&gt;<i>
</i>&gt;<i> I have two systems that I will use as Multiple Masters.  The problem 
</i>&gt;<i> is when creating a replication agreement on each side, replication 
</i>&gt;<i> fails with:
</i>&gt;<i>
</i>&gt;<i> 49 LDAP error invalid credentials
</i>&gt;<i>
</i>&gt;<i> So, I need to reset the replication manager user password.  When I 
</i>&gt;<i> look at the dse.ldif file I see:
</i>&gt;<i>
</i>&gt;<i> dn: cn=replicationManager,cn=config
</i>&gt;<i> objectClass: inetorgperson
</i>&gt;<i> objectClass: person
</i>&gt;<i> objectClass: top
</i>&gt;<i> objectClass: organizationalPerson
</i>&gt;<i> cn: replicationManager
</i>&gt;<i> sn: RM
</i>&gt;<i> passwordExpirationTime: 20380119031407Z
</i>&gt;<i> nsIdleTimeout: 0
</i>&gt;<i> userPassword:: 
</i>&gt;<i> e1NTSEF9dGljWTdhcTlFSVRoYmRrZHhYcWxWN2dLZnhSMVpFeEJWd0xOeEE9PQ=
</i>&gt;<i>  =
</i>&gt;<i> creatorsName: cn=administrators
</i>&gt;<i> modifiersName: cn=administrators
</i>&gt;<i> createTimestamp: 20131025040123Z
</i>&gt;<i> modifyTimestamp: 20131025040123Z
</i>&gt;<i>
</i>&gt;<i>
</i>&gt;<i> This looks odd to me regarding the userPassword and it having an 
</i>&gt;<i> 'extra line' after it.  If I move the '=' sign back to the same above 
</i>&gt;<i> line and bounce dirsrv it goes back to the above.
</i>&gt;<i>
</i>&gt;<i> In any event, how can I reset this password?   Any assistance is 
</i>&gt;<i> greatly appreciated.
</i>&gt;<i>
</i>&gt;<i> Thanks in advance,
</i>&gt;<i>
</i>&gt;<i> Herb</i></div></div></pre>
                      </div>
                    </blockquote>
                  </div>
                  <br>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">--
389 users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a>
<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
    </blockquote>
    <br>
  </body>
</html>