[389-users] replication password

Herb Burnswell herbert.burnswell at gmail.com
Thu Apr 3 01:10:49 UTC 2014


Noriko,

It did work, thank you for your help.  Replication is now working properly.

One question, I'm used to using cn=Directory Manager as well.  Is
there any downside to using cn=Administrators for 'root' privileges?

Thanks,

Herb



Ok. Then, did these work for you?

$ ldapsearch -x -D "cn=Administrators" -w <pw> -s base -b "" "objectclass=*"

$ ldapmodify -x -D "cn=Administrators" -w <pw> << EOF
dn: cn=replicationManager,cn=config
changetype: modify
replace: userPassword
userPassword: <new_password>
EOF



On Wed, Apr 2, 2014 at 4:31 PM, Herb Burnswell
<herbert.burnswell at gmail.com> wrote:

> Noriko,
>
>
> I receive:
>
> nsslapd_rootdn: cn=Administrators
>
>
>
> On Wed, Apr 2, 2014 at 4:02 PM, Herb Burnswell <
> herbert.burnswell at gmail.com> wrote:
>
>> Noriko,
>>
>> Thank you for your response.  It looks like there's an issue with directory manager privilege.  When I attempt the command:
>>
>> ldapsearch -x -D "cn=Directory Manager" -w <pw> -s base -b "" "objectclass=*"
>>
>> ldap_bind: No such object (32)
>>
>>
>> How can I confirm directory manager user?
>>
>>
>> Thanks again for your help,
>>
>> Herb
>>
>>
>>
>>
>> Hello,
>>
>> This password is base64 encoded and folded at the ~80th column. (So,
>> please do not remove the last '=')
>> userPassword::
>> e1NTSEF9dGljWTdhcTlFSVRoYmRrZHhYcWxWN2dLZnhSMVpFeEJWd0xOeEE9PQ==
>>
>> If you decode it, it looks like this:
>>
>>     {SSHA}ticY7aq9EIThbdkdxXqlV7gKfxR1ZExBVwLNxA==
>>
>> It is SSHA hashed.
>>
>> I think you have a directory manager privilege.  If so, you could reset
>> the password by ldapmodify command?
>> ldapmodify ... << EOF
>> dn: cn=replicationManager,cn=config
>> changetype: modify
>> replace: userPassword
>> userPassword: <new_password>
>> EOF
>>
>> Herb Burnswell wrote:
>> > All,
>> >
>> > I am taking over a newly installed 389-ds environment:
>> >
>> > 389-admin-1.1.29-1.el6.x86_64
>> > 389-admin-console-1.1.8-1.el6.noarch
>> > 389-admin-console-doc-1.1.8-1.el6.noarch
>> > 389-adminutil-1.1.15-1.el6.x86_64
>> > 389-console-1.1.7-1.el6.noarch
>> > 389-ds-1.2.2-1.el6.noarch
>> > 389-ds-base-1.2.11.15-32.el6_5.x86_64
>> > 389-ds-base-libs-1.2.11.15-32.el6_5.x86_64
>> > 389-ds-console-1.2.6-1.el6.noarch
>> > 389-ds-console-doc-1.2.6-1.el6.noarch
>> > 389-dsgw-1.1.10-1.el6.x86_64
>> >
>> > I have two systems that I will use as Multiple Masters.  The problem
>> > is when creating a replication agreement on each side, replication
>> > fails with:
>> >
>> > 49 LDAP error invalid credentials
>> >
>> > So, I need to reset the replication manager user password.  When I
>> > look at the dse.ldif file I see:
>> >
>> > dn: cn=replicationManager,cn=config
>> > objectClass: inetorgperson
>> > objectClass: person
>> > objectClass: top
>> > objectClass: organizationalPerson
>> > cn: replicationManager
>> > sn: RM
>> > passwordExpirationTime: 20380119031407Z
>> > nsIdleTimeout: 0
>> > userPassword::
>> > e1NTSEF9dGljWTdhcTlFSVRoYmRrZHhYcWxWN2dLZnhSMVpFeEJWd0xOeEE9PQ=
>> >  =
>> > creatorsName: cn=administrators
>> > modifiersName: cn=administrators
>> > createTimestamp: 20131025040123Z
>> > modifyTimestamp: 20131025040123Z
>> >
>> >
>> > This looks odd to me regarding the userPassword and it having an
>> > 'extra line' after it.  If I move the '=' sign back to the same above
>> > line and bounce dirsrv it goes back to the above.
>> >
>> > In any event, how can I reset this password?   Any assistance is
>> > greatly appreciated.
>> >
>> > Thanks in advance,
>> >
>> > Herb
>>
>>
>>
>>
>
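
The folding and encoding discussed in this thread, as an added example that is not part of the original messages or of 389-ds itself: it unfolds the LDIF continuation line, base64-decodes the userPassword value, and splits the SSHA value into digest and salt. The sample entry is reassembled from the dse.ldif excerpt quoted above; the function names and the test password are hypothetical.

```python
import base64
import hashlib
import hmac

# Constructed sample: the folded attribute from the quoted dse.ldif excerpt.
# In LDIF, a line that starts with a single space continues the previous line.
LDIF_SAMPLE = (
    "cn: replicationManager\n"
    "userPassword:: e1NTSEF9dGljWTdhcTlFSVRoYmRrZHhYcWxWN2dLZnhSMVpFeEJWd0xOeEE9PQ=\n"
    " =\n"
    "creatorsName: cn=administrators\n"
)

def unfold(ldif):
    """Join LDIF continuation lines (leading single space) onto the previous line."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]   # drop the fold marker, keep the rest
        else:
            lines.append(raw)
    return lines

def get_attr(ldif, name):
    """Return an attribute value as bytes; 'name::' marks a base64 value."""
    for line in unfold(ldif):
        if line.lower().startswith(name.lower() + "::"):
            return base64.b64decode(line.split("::", 1)[1].strip())
        if line.lower().startswith(name.lower() + ":"):
            return line.split(":", 1)[1].strip().encode()
    return None

def parse_ssha(stored):
    """Split '{SSHA}<base64>' into (scheme, 20-byte SHA-1 digest, salt)."""
    scheme, _, b64 = stored.decode().partition("}")
    blob = base64.b64decode(b64)
    return scheme.lstrip("{"), blob[:20], blob[20:]

def make_ssha(password, salt):
    """Build an SSHA value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)

def check_ssha(password, stored):
    """Recompute the salted digest and compare it in constant time."""
    _, digest, salt = parse_ssha(stored)
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)
```

The trailing '=' on its own line is base64 padding carried over by the fold, which is why removing it leaves the value undecodable.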