Linux - Server: This forum is for the discussion of Linux Software used in a server related context.
Hello
I'm new to LDAP (used NIS in the past) and have inherited a set of Ubuntu boxes that authenticate to an LDAP server. The old SA left and gave me the wrong password, at least it doesn't seem to work. How do I reset the LDAP admin password without knowing it?
My research says to run slappasswd and put that into the /etc/ldap/ldap.conf. First, my ldap.conf file only contains the following.
Quote:
BASE dc=devnet,dc=ais,dc=com
URI ldaps://ldap.devnet.ais.com
TLS_REQCERT allow
TLS_CACERT /etc/ldap/ssl/cacert.crt
There is a file at /etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif that has the following, and I've tried without success to put the output of slappasswd into the line oldRootPW, then restart slapd.
Where {SSHA}blahblahblah is the slappasswd output. Note that you need one colon ":" instead of the 2 in the original file between olcRootPW and the hashed password. Also make sure to not leave a blank space.
And don't forget to make backups of the files you edit.
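The single-colon versus double-colon point in the reply above, as an added example that is not part of the original thread: in LDIF, `attr: value` stores the value as written and `attr:: value` stores it base64-encoded, so an `{SSHA}` string pasted after `::`, or followed by a stray blank, no longer decodes to the intended hash. The sketch parses an `olcRootPW` line in both forms and checks a candidate password against it; the function names and the sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os


def make_ssha(password: str, salt: bytes = b"") -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = salt or os.urandom(4)  # random salt unless one is supplied
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def parse_olcrootpw(line: str) -> str:
    """Return the value stored by one olcRootPW LDIF line.

    'olcRootPW: v' keeps v as written (trailing blanks included);
    'olcRootPW:: v' means v is base64 and is decoded first.
    Raises ValueError if the line or its base64 payload is malformed.
    """
    name, sep, rest = line.rstrip("\r\n").partition(":")
    if name != "olcRootPW" or not sep:
        raise ValueError("not an olcRootPW line")
    if rest.startswith(":"):
        raw = base64.b64decode(rest[1:].strip(), validate=True)
        return raw.decode()
    return rest.lstrip(" ")


def check_password(stored: str, candidate: str) -> bool:
    """True if candidate matches an {SSHA} value; False if it does not
    match or the stored value is not a well-formed {SSHA} string."""
    if not stored.startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    except ValueError:  # stray blank or other junk in the hash
        return False
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes
    expected = hashlib.sha1(candidate.encode() + salt).digest()
    return hmac.compare_digest(expected, digest)


if __name__ == "__main__":
    hashed = make_ssha("constructed-example-pw")  # constructed sample
    for line in ("olcRootPW: " + hashed,          # correct, one colon
                 "olcRootPW: " + hashed + " "):   # trailing blank
        print(repr(line), check_password(parse_olcrootpw(line),
                                         "constructed-example-pw"))
```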
I was trying simply to change an ldap passwd using the passwd command
or the following
Quote:
ldapsearch cn=admin
such as
Quote:
tom.gossard@guide:~$ ldapsearch cn=admin
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
tom.gossard@guide:~$
I have tried my password, which I know, and the LDAP admin password.
I tried your suggestion and got the following error
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
I've used the ldapuri from your 1st post. Better rename ldap.conf, so the various ldap utils do not use it.
Regarding the "invalid credentials" error, I cannot tell what's wrong with your configuration.
Try to do the same for olcRootPW in olcDatabase\=\{1\}bdb.ldif (don't forget backups and restart slapd) and see if you can do a simple search, like:
Good news, YEA. I can modify the LDAP entries now. Someone else who works here guessed the password. I never did get the stupid thing changed, but at least we now know the real password. The worst part: it's a password that any experienced hacker would have guessed. It's a good thing I don't hack for a living, I'd starve.