Changing the Directory Server and/or Directory Admin Server password

From Bennys Wiki
Revision as of 6 September 2012, 17:07 by 155.56.68.216 (Talk)


SUN ONE DS5.2: HOW TO Recover forgotten/not-working admin id and admin server password

Assumption: during installation using "setup" or "installer", you set both the admin id and the admin server password to the same value.

Step 1) Stop Admin-Server and slapd

# cd /var/Sun/mps
# ./stop-admin
# cd /var/Sun/mps/slapd-ldap1
# ./stop-slapd

Step 2) Export a copy of the NetscapeRoot configuration data and note the name of the ldif file saved to the confbak directory

# ./saveconfig
saving configuration ...
ldiffile: /var/Sun/mps/slapd-ldap1/confbak/2005_05_12_045951.ldif
[12/May/2005:04:59:51 -0400] - export NetscapeRoot: Processed 100 entries (100%).

Step 3) Generate the new admin password in TWO hash formats, one in SSHA (for the admin id), the other in SHA (for admin-serv).

The example steps are shown below; "getpwenc" is in /var/Sun/mps/slapd-ldap1

# ./getpwenc SSHA newadmpw
{SSHA}NXEfUSviQiTC8BbMztid4Asy5pj4cGEQYzRyMA==
# ./getpwenc SHA newadmpw
{SHA}v8bEZRdUUTOD3snchZZvh1WmVCA=

Step 4) Change TWO occurrences of the Admin Server password in the backed-up ldif file

# vi /var/Sun/mps/slapd-ldap1/confbak/2005_05_12_045951.ldif

Search for the FIRST occurrence of "userPassword". It should belong to "uid=admin"; please verify by looking at the "dn:" line

dn: uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
cn: Configuration Administrator
sn: Administrator
givenName: Configuration
uid: admin
passwordExpirationTime: 20380119031407Z
userPassword: {SSHA}Somestuff

Change value of this "userPassword" to the required new admin id pw in SSHA format

userPassword: {SSHA}NXEfUSviQiTC8BbMztid4Asy5pj4cGEQYzRyMA==

Search for the SECOND occurrence of "userPassword". It should belong to "cn=Directory Manager"; please verify by looking at a line just above it that reads: nsBindDN: cn=Directory Manager

Ignore this second occurrence UNLESS you also intend to reset the "cn=Directory Manager" password. You can always do this later in SUN ONE Console after resetting the admin password(s).

Search for the THIRD occurrence of "userPassword". It should belong to "admin-serv"; please verify by looking at a line just above it that reads: nsServerID: admin-serv

Change value of this "userPassword" to the required new admin-server pw in SHA format

userPassword: {SHA}v8bEZRdUUTOD3snchZZvh1WmVCA=

Save changes and exit "vi" editor.

Step 5) Import the edited NetscapeRoot configuration data changes

# ./restoreconfig
Restoring /var/Sun/mps/slapd-ldap1/confbak/2005_05_12_045951.ldif
[12/May/2005:05:11:04 -0400] - import NetscapeRoot: Index buffering enabled with bucket size 16
[12/May/2005:05:11:04 -0400] - import NetscapeRoot: Beginning import job...
[12/May/2005:05:11:04 -0400] - import NetscapeRoot: Processing file "/var/Sun/mps/slapd-ldap1/confbak/2005_05_12_045951.ldif"
[12/May/2005:05:11:04 -0400] - import NetscapeRoot: Finished scanning file "/var/Sun/mps/slapd-ldap1/confbak/2005_05_12_045951.ldif" (100 entries)
[12/May/2005:05:11:05 -0400] - import NetscapeRoot: Workers finished; cleaning up...
[12/May/2005:05:11:07 -0400] - import NetscapeRoot: Workers cleaned up.
[12/May/2005:05:11:07 -0400] - import NetscapeRoot: Cleaning up producer thread...
[12/May/2005:05:11:07 -0400] - import NetscapeRoot: Indexing complete. Post-processing...
[12/May/2005:05:11:07 -0400] - import NetscapeRoot: Flushing caches...
[12/May/2005:05:11:07 -0400] - import NetscapeRoot: Closing files...
[12/May/2005:05:11:07 -0400] - import NetscapeRoot: Import complete. Processed 100 entries in 3 seconds. (33.33 entries/sec)

Step 6) Change admin-server password in admin-serv/config/admpw in SHA format

# vi /var/Sun/mps/admin-serv/config/admpw

Change its content to the same SHA value as above; note THERE IS NO SPACE between "admin:" and "{SHA}" AND THERE IS NO LINE FEED at the end of the line

admin:{SHA}v8bEZRdUUTOD3snchZZvh1WmVCA=

Step 7) Restart Admin Server and slapd

# cd /var/Sun/mps
# ./start-admin
# cd slapd-ldap1
# ./start-slapd

Step 8) Start SUN ONE Console and test. You have done a GREAT job.

Found here: http://www.ldapguru.org/modules/newbb/viewtopic.php?topic_id=1950&forum=6&post_id=6420
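
The following shell functions are an added example, not part of the original how-to or of the Sun tooling. They check the two files edited in steps 4 and 6 before the import and restart: that uid=admin carries an {SSHA} value, that admin-serv carries a {SHA} value, and that admpw has no space and no line feed. The function names, the script name, and the assumption that each userPassword sits un-encoded in the same LDIF entry as its dn or nsServerID line are assumptions of the example.

```shell
#!/bin/sh
# Added example: sanity checks for the edited LDIF (step 4) and admpw (step 6).
# Assumes each userPassword appears unfolded and un-encoded ("userPassword: {..}")
# in the same LDIF entry as the dn / nsServerID line that identifies it.

# write_admpw FILE HASH: write "admin:<hash>" with no space and no line feed.
write_admpw() {
    ( umask 077; printf 'admin:%s' "$2" > "$1" )
}

# check_admpw FILE: succeed only if FILE is exactly admin:{SHA}<28 base64 chars>
# (a 20-byte SHA-1 digest) and contains no line feed at all.
check_admpw() {
    [ -f "$1" ] || return 1
    [ "$(wc -l < "$1" | tr -d ' ')" -eq 0 ] || return 1
    grep -Eq '^admin:\{SHA\}[A-Za-z0-9+/]{27}=$' "$1"
}

# check_ldif FILE: uid=admin must carry {SSHA}, admin-serv must carry {SHA}.
check_ldif() {
    awk '
    function endentry() {
        if (tolower(dn) ~ /^uid=admin,/) { admin = 1; if (index(pw, "{SSHA}") != 1) bad = 1 }
        if (sid == "admin-serv")         { serv = 1;  if (index(pw, "{SHA}") != 1)  bad = 1 }
        dn = sid = pw = ""
    }
    /^dn: /           { dn  = substr($0, 5) }
    /^nsServerID: /   { sid = substr($0, 13) }
    /^userPassword: / { pw  = substr($0, 15) }
    /^$/              { endentry() }
    END { endentry(); exit !(admin && serv && !bad) }
    ' "$1"
}

# Usage (hypothetical script name): sh check_reset.sh EDITED.ldif /path/to/admpw
if [ "$#" -eq 2 ]; then
    if check_ldif "$1" && check_admpw "$2"; then
        echo "checks passed"
    else
        echo "checks FAILED: fix the files before restoreconfig / start-admin" >&2
        exit 1
    fi
fi
```

Run check_ldif on the edited file before step 5 and check_admpw after step 6; write_admpw avoids the trailing line feed that an editor may add on save.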