Friday, 14 August 2020

How to reset the rootdn password in LDAP

Export the rootdn configuration to a file

[[email protected] ~]# ldapsearch -H ldapi:// -LLL -Q -Y EXTERNAL -b "cn=config" "(olcRootDN=*)" dn olcRootDN olcRootPW | tee ~/newpasswd.ldif
dn: olcDatabase={0}config,cn=config
olcRootDN: cn=config
olcRootPW: {SSHA}1g3T4jH5NhFOmIHwLHAinajpXTUlJHyx

dn: olcDatabase={2}bdb,cn=config
olcRootDN: cn=cognos,dc=wachid,dc=com
olcRootPW: {SSHA}FIu/Nv95MMiMH/rEMk4A4cVCGIYKVQ8+

[[email protected] ~]#
Check the exported configuration
[[email protected] ~]# cat newpasswd.ldif
dn: olcDatabase={2}bdb,cn=config
olcRootDN: cn=cognos,dc=wachid,dc=com
olcRootPW: {SSHA}FIu/Nv95MMiMH/rEMk4A4cVCGIYKVQ8+

[[email protected] ~]#
Generate a new LDAP password hash and append it to the exported configuration
[[email protected] ~]# slappasswd -h {SSHA} >> newpasswd.ldif
New password:
Re-enter new password:
[[email protected] ~]#
[[email protected] ~]# vi newpasswd.ldif
[[email protected] ~]#
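
The `vi newpasswd.ldif` step above does not show the edited file; for `ldapmodify` to accept it, the file has to be a change record (`changetype: modify` / `replace: olcRootPW`) carrying the hash appended by `slappasswd`. The following is an added example, not part of the original post, that builds that record from the export; the names `build_rootpw_ldif` and `demo` are hypothetical and the new hash in the demo is a constructed placeholder.

```sh
# build_rootpw_ldif EXPORT_FILE DATABASE_DN NEW_HASH   (hypothetical helper)
# Prints the change record that the manual "vi newpasswd.ldif" step must produce.
build_rootpw_ldif() {
    brl_file=$1 brl_dn=$2 brl_hash=$3

    # Accept only an {SSHA} value as printed by slappasswd (base64 of a
    # 20-byte SHA-1 digest plus salt), never a cleartext password.
    if ! printf '%s\n' "$brl_hash" |
            grep -Eq '^\{SSHA\}[A-Za-z0-9+/]{28,}={0,2}$'; then
        echo "error: new value is not an {SSHA} hash" >&2
        return 1
    fi

    # The DN must exist in the export and carry olcRootPW, so a typo cannot
    # point the change at a different database entry.
    if ! awk -v want="dn: $brl_dn" '
            /^dn: /              { hit = ($0 == want) }
            hit && /^olcRootPW:/ { found = 1 }
            END                  { exit !found }' "$brl_file"; then
        echo "error: no olcRootPW for $brl_dn in $brl_file" >&2
        return 1
    fi

    # ldapmodify needs a change record, not the search result itself.
    printf 'dn: %s\nchangetype: modify\nreplace: olcRootPW\nolcRootPW: %s\n' \
        "$brl_dn" "$brl_hash"
}

# Constructed demo: the export is the one shown in the post; the new hash
# is a made-up placeholder, not real slappasswd output.
demo() {
    umask 077    # the export and the change file both contain password hashes
    demo_tmp=$(mktemp) || return 1
    cat > "$demo_tmp" <<'EOF'
dn: olcDatabase={0}config,cn=config
olcRootDN: cn=config
olcRootPW: {SSHA}1g3T4jH5NhFOmIHwLHAinajpXTUlJHyx

dn: olcDatabase={2}bdb,cn=config
olcRootDN: cn=cognos,dc=wachid,dc=com
olcRootPW: {SSHA}FIu/Nv95MMiMH/rEMk4A4cVCGIYKVQ8+
EOF
    build_rootpw_ldif "$demo_tmp" 'olcDatabase={2}bdb,cn=config' \
        '{SSHA}AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
    demo_rc=$?
    rm -f "$demo_tmp"
    return $demo_rc
}
demo
```

Once `ldapmodify` has succeeded, delete `~/newpasswd.ldif`, since it holds both the old and the new hash.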

Replace the old password using the modified exported configuration file

[[email protected] ~]# ldapmodify -H ldapi:// -Y EXTERNAL -f ~/newpasswd.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}bdb,cn=config"

[[email protected] ~]#

Test LDAP using the new password

[[email protected] ~]# ldapsearch -h localhost -b "dc=wachid,dc=com" -D "cn=cognos,dc=wachid,dc=com" -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=wachid,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# wachid.com
dn: dc=wachid,dc=com
objectClass: dcObject
objectClass: organization
o: wachid.com
dc: wachid

# users, wachid.com
dn: ou=users,dc=wachid,dc=com
objectClass: organizationalUnit
objectClass: top
ou: users

# groups, wachid.com
dn: ou=groups,dc=wachid,dc=com
objectClass: organizationalUnit
objectClass: top
ou: groups

# userwachidgrp, groups, wachid.com
dn: cn=userwachidgrp,ou=groups,dc=wachid,dc=com
objectClass: top
objectClass: posixGroup
gidNumber: 100
cn: userwachidgrp

# userwachid, users, wachid.com
dn: uid=userwachid,ou=users,dc=wachid,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: menhub
uid: menhub
uidNumber: 16859
gidNumber: 100
homeDirectory: /home/userwachid
loginShell: /bin/bash
gecos: menhub
userPassword:: e1NTSEF9Rkl1L052OTVNTWlNSC9yRU1rNEE0Y1ZDR0lZS1ZROCs=
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0
..
..
# search result
search: 2
result: 0 Success

# numResponses: 14
# numEntries: 13
[[email protected] ~]#

