[389-users] replication password
Noriko Hosoi
nhosoi at redhat.com
Thu Apr 3 01:17:10 UTC 2014
Herb Burnswell wrote:
> Noriko,
> It did work, thank you for your help. Replication is now working properly.
> One question, I'm used to using cn=Directory Manager as well. Is there any downside to using cn=Administrators for 'root' privileges?
I cannot think of anything wrong. Please let us know if you run into
any issues by using the account name. It's fully supported.
Thanks,
--noriko
> Thanks,
> Herb
> Ok. Then, did these work for you?
>
> $ ldapsearch -x -D "cn=Administrators" -w <pw> -s base -b "" "objectclass=*"
>
> $ ldapmodify -x-D "cn=Administrators" -w <pw><< EOF
> dn: cn=replication Manager,cn=config
> changetype: modify
> replace: userPassword
> userPassword: <new_password>
> EOF
>
>
> On Wed, Apr 2, 2014 at 4:31 PM, Herb Burnswell
> <herbert.burnswell at gmail.com <mailto:herbert.burnswell at gmail.com>> wrote:
>
> Noriko,
>
> I receive:
>
> nsslapd_rootdn: cn=Administrators
>
>
>
> On Wed, Apr 2, 2014 at 4:02 PM, Herb Burnswell
> <herbert.burnswell at gmail.com <mailto:herbert.burnswell at gmail.com>>
> wrote:
>
> Noriko,
>
> Thank you for your response. It looks like there's an issue with directory manager privilege. When I attempt the command:
>
> ldapsearch -x -D "cn=Directory Manager" -w <pw> -s base -b "" "objectclass=*"
>
> ldap_bind: No such object (32)
>
>
>
>
> How can I confirm directory manager user?
>
> Thanks again for your help,
>
> Herb
>
> Hello,
>
> This password is base64 encoded and folded at the ~80th column. (So,
> please do not remove the last '=')
> userPassword::
> e1NTSEF9dGljWTdhcTlFSVRoYmRrZHhYcWxWN2dLZnhSMVpFeEJWd0xOeEE9PQ==
>
> If you decode it, it looks like this:
>
> {SSHA}ticY7aq9EIThbdkdxXqlV7gKfxR1ZExBVwLNxA==
>
> It is SSHA hashed.
>
> I think you have a directory manager privilege. If so, you could reset
> the password by ldapmodify command?
> ldapmodify ... << EOF
> dn: cn=replicationManager,cn=config
> changetype: modify
> replace: userPassword
> userPassword: <new_password>
> EOF
>
> Herb Burnswell wrote:
> >/ All,
> /
> >//>/I am taking over a newly installed 389-ds environment:
> />//>/389-admin-1.1.29-1.el6.x86_64
> />/389-admin-console-1.1.8-1.el6.noarch
> />/389-admin-console-doc-1.1.8-1.el6.noarch
> />/389-adminutil-1.1.15-1.el6.x86_64
> />/389-console-1.1.7-1.el6.noarch />/389-ds-1.2.2-1.el6.noarch
> />/389-ds-base-1.2.11.15-32.el6_5.x86_64
> />/389-ds-base-libs-1.2.11.15-32.el6_5.x86_64
> />/389-ds-console-1.2.6-1.el6.noarch
> />/389-ds-console-doc-1.2.6-1.el6.noarch
> />/389-dsgw-1.1.10-1.el6.x86_64 />//>/I have two systems that
> I will use as Multiple Masters. The problem />/is when
> creating a replication agreement on each side, replication
> />/fails with: />//>/49 LDAP error invalid credentials
> />//>/So, I need to reset the replication manager user
> password. When I />/look at the dse.ldif file I see: />//>/dn:
> cn=replicationManager,cn=config />/objectClass: inetorgperson
> />/objectClass: person />/objectClass: top />/objectClass:
> organizationalPerson />/cn: replicationManager />/sn: RM
> />/passwordExpirationTime: 20380119031407Z />/nsIdleTimeout: 0
> />/userPassword::
> />/e1NTSEF9dGljWTdhcTlFSVRoYmRrZHhYcWxWN2dLZnhSMVpFeEJWd0xOeEE9PQ=
> />/= />/creatorsName: cn=administrators />/modifiersName:
> cn=administrators />/createTimestamp: 20131025040123Z
> />/modifyTimestamp: 20131025040123Z />//>//>/This looks odd to
> me regarding the userPassword and it having an />/'extra line'
> after it. If I move the '=' sign back to the same above
> />/line and bounce dirsrv it goes back to the above. />//>/In
> any event, how can I reset this password? Any assistance is
> />/greatly appreciated. />//>/Thanks in advance, />//>/Herb/
>
>
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20140402/bed0575b/attachment.html>
More information about the 389-users
mailing list