[389-users] replication password

Noriko Hosoi nhosoi at redhat.com
Thu Apr 3 00:10:11 UTC 2014 

Herb Burnswell wrote:
> Noriko,
> I receive:
> nsslapd_rootdn: cn=Administrators
Ok. Then, did these work for you?

$ ldapsearch -x -D "cn=Administrators" -w <pw> -s base -b "" "objectclass=*"

$ ldapmodify -x-D "cn=Administrators" -w <pw><< EOF
dn: cn=replication Manager,cn=config
changetype: modify
replace: userPassword
userPassword: <new_password>
EOF


>
>
> On Wed, Apr 2, 2014 at 4:02 PM, Herb Burnswell 
> <herbert.burnswell at gmail.com <mailto:herbert.burnswell at gmail.com>> wrote:
>
>     Noriko,
>
>     Thank you for your response.  It looks like there's an issue with directory manager privilege.  When I attempt the command:
>
>     ldapsearch -x -D "cn=Directory Manager" -w <pw> -s base -b "" "objectclass=*"
>
>     ldap_bind: No such object (32)
>
>
>
>     How can I confirm directory manager user?
>
>     Thanks again for your help,
>
>     Herb
>
>     Hello,
>
>     This password is base64 encoded and folded at the ~80th column. (So,
>     please do not remove the last '=')
>     userPassword::
>     e1NTSEF9dGljWTdhcTlFSVRoYmRrZHhYcWxWN2dLZnhSMVpFeEJWd0xOeEE9PQ==
>
>     If you decode it, it looks like this:
>
>          {SSHA}ticY7aq9EIThbdkdxXqlV7gKfxR1ZExBVwLNxA==
>
>     It is SSHA hashed.
>
>     I think you have a directory manager privilege.  If so, you could reset
>     the password by ldapmodify command?
>     ldapmodify ... << EOF
>     dn: cn=replicationManager,cn=config
>     changetype: modify
>     replace: userPassword
>     userPassword: <new_password>
>     EOF
>
>     Herb Burnswell wrote:
>     >/  All,
>     /
>     >//>/I am taking over a newly installed 389-ds environment:
>     />//>/389-admin-1.1.29-1.el6.x86_64
>     />/389-admin-console-1.1.8-1.el6.noarch
>     />/389-admin-console-doc-1.1.8-1.el6.noarch
>     />/389-adminutil-1.1.15-1.el6.x86_64
>     />/389-console-1.1.7-1.el6.noarch />/389-ds-1.2.2-1.el6.noarch
>     />/389-ds-base-1.2.11.15-32.el6_5.x86_64
>     />/389-ds-base-libs-1.2.11.15-32.el6_5.x86_64
>     />/389-ds-console-1.2.6-1.el6.noarch
>     />/389-ds-console-doc-1.2.6-1.el6.noarch
>     />/389-dsgw-1.1.10-1.el6.x86_64 />//>/I have two systems that I
>     will use as Multiple Masters. The problem />/is when creating a
>     replication agreement on each side, replication />/fails with:
>     />//>/49 LDAP error invalid credentials />//>/So, I need to reset
>     the replication manager user password. When I />/look at the
>     dse.ldif file I see: />//>/dn: cn=replicationManager,cn=config
>     />/objectClass: inetorgperson />/objectClass: person
>     />/objectClass: top />/objectClass: organizationalPerson />/cn:
>     replicationManager />/sn: RM />/passwordExpirationTime:
>     20380119031407Z />/nsIdleTimeout: 0 />/userPassword::
>     />/e1NTSEF9dGljWTdhcTlFSVRoYmRrZHhYcWxWN2dLZnhSMVpFeEJWd0xOeEE9PQ=
>     />/= />/creatorsName: cn=administrators />/modifiersName:
>     cn=administrators />/createTimestamp: 20131025040123Z
>     />/modifyTimestamp: 20131025040123Z />//>//>/This looks odd to me
>     regarding the userPassword and it having an />/'extra line' after
>     it. If I move the '=' sign back to the same above />/line and
>     bounce dirsrv it goes back to the above. />//>/In any event, how
>     can I reset this password? Any assistance is />/greatly
>     appreciated. />//>/Thanks in advance, />//>/Herb/
>
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20140402/a79196b8/attachment.html>

More information about the 389-users mailing list