--On Friday, November 20, 2020 10:50 AM +0000 Клеусов Владимир Сергеевич <[email protected]> wrote:

Right?
Sorry for being so detailed...

You should be able to do all of the modifications necessary as two operations inside a single LDIF file. Additionally, since you previously set olcMirrorMode to true, there's no need to do it again.

As an aside, I would note that the hdb backend is deprecated and you are encouraged to migrate to using the MDB backend instead. You've also not stated what release of OpenLDAP you are using, but I'd strongly advise using no earlier than 2.4.54. It generally appears you're on RHEL7 based on the changes you noted. If that's correct, Symas offers free replacement packages that are up to date at: <https://repo.symas.com/sofl/rhel7/>. The LTB project also offers current builds for a variety of platforms at <https://ltb-project.org/download>.

Example LDIF file for doing the necessary changes:

cat > /tmp/change.ldif << EOF
# Continuation lines are indented with two spaces: LDIF unfolding drops
# one of them, and the other separates the olcSyncRepl parameters.
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass
-
replace: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldaps://ldap1.domain.com
  searchbase="cn=config"
  bindmethod=simple
  credentials=newpass
  binddn="cn=admin,cn=config"
  tls_reqcert=never
  type=refreshAndPersist
  retry="30 +"
  timeout=1
olcSyncRepl: rid=002
  provider=ldaps://ldap2.domain.com
  searchbase="cn=config"
  bindmethod=simple
  credentials=newpass
  binddn="cn=admin,cn=config"
  tls_reqcert=never
  type=refreshAndPersist
  retry="30 +"
  timeout=1

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass
-
replace: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldaps://ldap1.domain.com
  searchbase="dc=domain,dc=com"
  bindmethod=simple
  credentials=newpass
  binddn="cn=admin,dc=domain,dc=com"
  tls_reqcert=allow
  type=refreshAndPersist
  retry="30 +"
  timeout=1
olcSyncRepl: rid=002
  provider=ldaps://ldap2.domain.com
  searchbase="dc=domain,dc=com"
  bindmethod=simple
  credentials=newpass
  binddn="cn=admin,dc=domain,dc=com"
  tls_reqcert=allow
  type=refreshAndPersist
  retry="30 +"
  timeout=1
EOF


Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
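
Added example (not part of the original message, and not OpenLDAP or Symas code): a small Python check that unfolds an LDIF like the one above per RFC 2849 and flags a cleartext olcRootPW, olcSyncRepl parameters that run together after unfolding, and tls_reqcert values that do not require a valid provider certificate. The sample LDIF and the function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample shaped like the LDIF in this message (placeholder values).
SAMPLE = """\
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass
-
replace: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldaps://ldap1.domain.com
  bindmethod=simple
  credentials=newpass
  tls_reqcert=never
  retry="30 +"
"""

def unfold(ldif):
    # RFC 2849: a line that starts with a space continues the previous line,
    # and exactly that one space is dropped when the lines are joined.
    return re.sub(r"\r?\n ", "", ldif)

def parse_syncrepl(value):
    # Split 'key=value key="quoted value"' into a dict of parameters.
    return dict(t.split("=", 1) for t in shlex.split(value) if "=" in t)

def lint(ldif):
    findings = []
    for line in unfold(ldif).splitlines():
        attr, sep, value = line.partition(": ")
        if not sep:
            continue
        if attr == "olcRootPW" and not value.startswith("{"):
            findings.append("olcRootPW: cleartext value, no {SCHEME} hash prefix")
        elif attr == "olcSyncRepl":
            params = parse_syncrepl(value)
            rid = params.get("rid", "?")
            if len(params) == 1:
                findings.append("olcSyncRepl: parameters ran together after unfolding; "
                                "indent continuation lines with two spaces")
            elif params.get("tls_reqcert") in ("never", "allow"):
                findings.append(f"rid={rid}: tls_reqcert={params['tls_reqcert']} "
                                "does not require a valid provider certificate")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```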