[389-users] replication password

Herb Burnswell herbert.burnswell at gmail.com
Wed Apr 2 23:02:56 UTC 2014


Noriko,

Thank you for your response.  It looks like there's an issue with
directory manager privilege.  When I attempt the command:

ldapsearch -x -D "cn=Directory Manager" -w <pw> -s base -b "" "objectclass=*"

ldap_bind: No such object (32)


How can I confirm the directory manager user?


Thanks again for your help,

Herb




Hello,

This password is base64 encoded and folded at the ~80th column. (So,
please do not remove the last '=')

    userPassword:: e1NTSEF9dGljWTdhcTlFSVRoYmRrZHhYcWxWN2dLZnhSMVpFeEJWd0xOeEE9PQ==

If you decode it, it looks like this:

    {SSHA}ticY7aq9EIThbdkdxXqlV7gKfxR1ZExBVwLNxA==

It is SSHA hashed.

I think you have directory manager privilege.  If so, could you reset
the password with the ldapmodify command?

    ldapmodify ... << EOF
    dn: cn=replicationManager,cn=config
    changetype: modify
    replace: userPassword
    userPassword: <new_password>
    EOF

Herb Burnswell wrote:
> All,
>
> I am taking over a newly installed 389-ds environment:
>
> 389-admin-1.1.29-1.el6.x86_64
> 389-admin-console-1.1.8-1.el6.noarch
> 389-admin-console-doc-1.1.8-1.el6.noarch
> 389-adminutil-1.1.15-1.el6.x86_64
> 389-console-1.1.7-1.el6.noarch
> 389-ds-1.2.2-1.el6.noarch
> 389-ds-base-1.2.11.15-32.el6_5.x86_64
> 389-ds-base-libs-1.2.11.15-32.el6_5.x86_64
> 389-ds-console-1.2.6-1.el6.noarch
> 389-ds-console-doc-1.2.6-1.el6.noarch
> 389-dsgw-1.1.10-1.el6.x86_64
>
> I have two systems that I will use as Multiple Masters.  The problem
> is when creating a replication agreement on each side, replication
> fails with:
>
> 49 LDAP error invalid credentials
>
> So, I need to reset the replication manager user password.  When I
> look at the dse.ldif file I see:
>
> dn: cn=replicationManager,cn=config
> objectClass: inetorgperson
> objectClass: person
> objectClass: top
> objectClass: organizationalPerson
> cn: replicationManager
> sn: RM
> passwordExpirationTime: 20380119031407Z
> nsIdleTimeout: 0
> userPassword::
> e1NTSEF9dGljWTdhcTlFSVRoYmRrZHhYcWxWN2dLZnhSMVpFeEJWd0xOeEE9PQ=
>  =
> creatorsName: cn=administrators
> modifiersName: cn=administrators
> createTimestamp: 20131025040123Z
> modifyTimestamp: 20131025040123Z
>
>
> This looks odd to me regarding the userPassword and it having an
> 'extra line' after it.  If I move the '=' sign back to the same above
> line and bounce dirsrv it goes back to the above.
>
> In any event, how can I reset this password?   Any assistance is
> greatly appreciated.
>
> Thanks in advance,
>
> Herb
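
Added example, not part of the original thread and not 389-ds code: it unfolds the userPassword line the way dse.ldif stores it, decodes the base64 layer, splits the {SSHA} value into digest and salt, and checks a candidate password against a stored value. The attribute line is reconstructed from the thread; the function names and the test password are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Attribute reconstructed from the dse.ldif quoted in this thread. An LDIF
# continuation line begins with one space, which is dropped when unfolding,
# so the lone " =" is simply the last character of the base64 value.
PAGE_LDIF = (
    "userPassword:: e1NTSEF9dGljWTdhcTlFSVRoYmRrZHhYcWxWN2dLZnhSMVpFeEJWd0xOeEE9PQ=\n"
    " =\n"
)

def unfold(ldif):
    """Join LDIF continuation lines back onto the line they continue."""
    out = []
    for line in ldif.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out

def attr_value(line):
    """Return (name, value); a double colon marks a base64-encoded value."""
    name, _, rest = line.partition(":")
    if rest.startswith(":"):
        return name, base64.b64decode(rest[1:].strip()).decode("ascii")
    return name, rest.strip()

def split_ssha(stored):
    """Split '{SSHA}<base64>' into the 20-byte SHA-1 digest and the salt."""
    if not stored.upper().startswith("{SSHA}"):
        raise ValueError("not an SSHA value")
    raw = base64.b64decode(stored[6:])
    return raw[:20], raw[20:]

def make_ssha(password, salt):
    """Build an SSHA value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password, stored):
    """True if the candidate password reproduces the stored digest."""
    digest, salt = split_ssha(stored)
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)
```

Running `check_ssha` with the password you believe was set on each master shows whether the stored value or the replication agreement's credentials are the mismatch.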