[389-users] replication password

Noriko Hosoi nhosoi at redhat.com
Wed Apr 2 23:15:01 UTC 2014


Herb Burnswell wrote:
> Noriko,
> Thank you for your response.  It looks like there's an issue with directory manager privilege.  When I attempt the command:
> ldapsearch -x -D "cn=Directory Manager" -w <pw> -s base -b "" "objectclass=*"
> ldap_bind: No such object (32)
>
>
> How can I confirm directory manager user?
What value does this config attribute have?
# grep -i nsslapd-rootdn /etc/dirsrv/slapd-YOUR_ID/dse.ldif

Thanks,
--noriko

> Thanks again for your help,
> Herb
> Hello,
>
> This password is base64 encoded and folded at the ~80th column. (So,
> please do not remove the last '=')
> userPassword::
> e1NTSEF9dGljWTdhcTlFSVRoYmRrZHhYcWxWN2dLZnhSMVpFeEJWd0xOeEE9PQ==
>
> If you decode it, it looks like this:
>
>      {SSHA}ticY7aq9EIThbdkdxXqlV7gKfxR1ZExBVwLNxA==
>
> It is SSHA hashed.
>
> I think you have a directory manager privilege.  If so, you could reset
> the password by ldapmodify command?
> ldapmodify ... << EOF
> dn: cn=replicationManager,cn=config
> changetype: modify
> replace: userPassword
> userPassword: <new_password>
> EOF
>
> Herb Burnswell wrote:
> > All,
> >
> > I am taking over a newly installed 389-ds environment:
> >
> > 389-admin-1.1.29-1.el6.x86_64
> > 389-admin-console-1.1.8-1.el6.noarch
> > 389-admin-console-doc-1.1.8-1.el6.noarch
> > 389-adminutil-1.1.15-1.el6.x86_64
> > 389-console-1.1.7-1.el6.noarch
> > 389-ds-1.2.2-1.el6.noarch
> > 389-ds-base-1.2.11.15-32.el6_5.x86_64
> > 389-ds-base-libs-1.2.11.15-32.el6_5.x86_64
> > 389-ds-console-1.2.6-1.el6.noarch
> > 389-ds-console-doc-1.2.6-1.el6.noarch
> > 389-dsgw-1.1.10-1.el6.x86_64
> >
> > I have two systems that I will use as Multiple Masters.  The problem
> > is when creating a replication agreement on each side, replication
> > fails with:
> >
> > 49 LDAP error invalid credentials
> >
> > So, I need to reset the replication manager user password.  When I
> > look at the dse.ldif file I see:
> >
> > dn: cn=replicationManager,cn=config
> > objectClass: inetorgperson
> > objectClass: person
> > objectClass: top
> > objectClass: organizationalPerson
> > cn: replicationManager
> > sn: RM
> > passwordExpirationTime: 20380119031407Z
> > nsIdleTimeout: 0
> > userPassword::
> > e1NTSEF9dGljWTdhcTlFSVRoYmRrZHhYcWxWN2dLZnhSMVpFeEJWd0xOeEE9PQ=
> >  =
> > creatorsName: cn=administrators
> > modifiersName: cn=administrators
> > createTimestamp: 20131025040123Z
> > modifyTimestamp: 20131025040123Z
> >
> >
> > This looks odd to me regarding the userPassword and it having an
> > 'extra line' after it.  If I move the '=' sign back to the same above
> > line and bounce dirsrv it goes back to the above.
> >
> > In any event, how can I reset this password?   Any assistance is
> > greatly appreciated.
> >
> > Thanks in advance,
> >
> > Herb
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
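
The folded, base64-encoded `userPassword` value discussed in the quoted messages can be unfolded and decoded as below. This is an added example, not code from the thread or from the 389-ds project; the helper names (`unfold`, `get_attr`, `split_ssha`, `make_ssha`, `check_ssha`) are hypothetical, and it assumes the usual SSHA layout of base64(SHA-1(password + salt) followed by the salt).

```python
import base64, hashlib, hmac

# Fragment of the entry quoted in the thread. The second physical line of
# userPassword starts with one space: LDIF's marker for a folded line.
SAMPLE_LDIF = (
    "dn: cn=replicationManager,cn=config\n"
    "userPassword:: e1NTSEF9dGljWTdhcTlFSVRoYmRrZHhYcWxWN2dLZnhSMVpFeEJWd0xOeEE9PQ=\n"
    " =\n"
)

def unfold(ldif):
    """Join folded lines: a line starting with a space continues the previous one."""
    lines = []
    for line in ldif.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines

def get_attr(ldif, name):
    """First value of `name` as bytes; 'attr:: value' means base64-encoded."""
    for line in unfold(ldif):
        attr, sep, rest = line.partition(":")
        if sep and attr.lower() == name.lower():
            if rest.startswith(":"):
                return base64.b64decode(rest[1:].strip(), validate=True)
            return rest.strip().encode()
    raise KeyError(name)

def split_ssha(stored):
    """Split b'{SSHA}<base64>' into (20-byte SHA-1 digest, salt)."""
    scheme, _, b64 = stored.partition(b"}")
    raw = base64.b64decode(b64, validate=True)
    if scheme.upper() != b"{SSHA" or len(raw) <= 20:
        raise ValueError("not a salted SHA-1 value")
    return raw[:20], raw[20:]

def make_ssha(password, salt):
    """Build an SSHA value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)

def check_ssha(stored, candidate):
    """True if `candidate` (bytes) hashes to the stored SSHA value."""
    digest, salt = split_ssha(stored)
    return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)
```

Dropping the continuation line leaves 63 base64 characters, so decoding fails on padding; that is why the trailing `=` on its own line has to stay.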
