FUN WITH LINUX

OpenLDAP: Set config admin password

12 March 2015

In OpenLDAP, even the configuration is now stored in LDAP. This is pretty cool if you want to replicate ACL rules or configs, but it is also pretty unwieldy to manage. If you install OpenLDAP on Debian, there is no password for the “cn=admin,cn=config” user. In this article I want to describe how to set one.

First of all, let’s search for the right entry in our LDAP tree:

dr@tardis:# ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config

In this output we can find our cn=admin,cn=config as the olcRootDN of the config database:

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
olcRootDN: cn=admin,cn=config

Now let’s encode our password using the following command, which prompts for the password and prints the salted hash:

slappasswd -h {SSHA}

Now we can create our modification.ldif, using the hash printed by slappasswd as the value of olcRootPW:

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}

And enable it with the following command:

ldapmodify -Y EXTERNAL -H ldapi:/// -f modification.ldif
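
The following Python code is an added example, not part of the original article or of OpenLDAP: it shows how the {SSHA} value stored in olcRootPW is built, how it differs from unsalted {SHA}, and renders the modification.ldif from above. The function names, the 4-byte salt and the sample password are assumptions of this example.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # SHA-1 digest size in bytes


def sha_hash(password):
    """Unsalted {SHA}: the same password always yields the same value."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def ssha_hash(password, salt=None):
    """Salted {SSHA}: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt  # salt length chosen for this example
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify(password, stored):
    """Check a password against a {SHA} or {SSHA} value."""
    scheme, sep, encoded = stored.partition("}")
    if not sep or scheme not in ("{SHA", "{SSHA"):
        raise ValueError("unsupported scheme: %r" % stored)
    raw = base64.b64decode(encoded, validate=True)
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    if len(digest) != SHA1_LEN or (scheme == "{SSHA") != bool(salt):
        raise ValueError("malformed hash for scheme " + scheme + "}")
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


def build_ldif(hashed):
    """Render modification.ldif for the config database entry from the article."""
    if not hashed.startswith("{SSHA}"):
        raise ValueError("refusing to write a non-{SSHA} olcRootPW")
    return (
        "dn: olcDatabase={0}config,cn=config\n"
        "changetype: modify\n"
        "add: olcRootPW\n"
        "olcRootPW: " + hashed + "\n"
    )


if __name__ == "__main__":
    value = ssha_hash("constructed-sample-password")  # constructed sample, not a real secret
    assert verify("constructed-sample-password", value)
    print(build_ldif(value), end="")
```

Because {SHA} has no salt, identical passwords produce identical stored values that can be looked up in precomputed tables; {SSHA} gives a different value on every run.
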
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti