Friday, 18 May 2012

OpenLDAP Admin Password Recovery on Ubuntu 12.04

Today we look at what to do when you have lost the OpenLDAP admin password.
(This article is also available in Hungarian.)
Create a file and call it pwd.ldif:
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}Y4gCfXOdz1cq+qnYnf3GxoaIYD/Qs7JM
To create the olcRootPW hash (here for the password "titok"), run:
slappasswd -s titok
Adding the new password to LDAP:
sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f pwd.ldif
And here we go. In the output of the command
sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcRootDN -LLL -Q
you find the olcRootDN. Using that DN and the new password you can authenticate yourself against the LDAP server.

A tiny problem is that the old password is still accepted as well: we have only replaced olcRootPW in cn=config, while the userPassword attribute on the admin entry itself is unchanged. We do not know what the old password is, but someone else may. So we have some more work to do:

Create a new file pwd2.ldif (I am soooo creative...):
dn: cn=admin,dc=itthon,dc=cucc
changetype: modify
replace: userPassword
userPassword: {SSHA}Y4gCfXOdz1cq+qnYnf3GxoaIYD/Qs7JM
(The password is the same as before.)

And:
ldapmodify -x -D cn=admin,dc=itthon,dc=cucc -f pwd2.ldif -W
When prompted for the password, type the new one (ldapmodify binds as the rootdn, whose olcRootPW we have just replaced).

So we have dealt with all the remnants of the old password.
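The two steps above, as an added example that is not the post's own code: a small Python 3 script that builds an OpenLDAP {SSHA} value the way slappasswd does (SHA-1 over the password followed by a 4-byte salt, then base64 of digest plus salt), verifies a password against such a value, and writes out the two LDIF fragments. The database name {1}hdb and the admin DN cn=admin,dc=itthon,dc=cucc are taken from the post; the function names and the fixed salt in the demo are my own. check_ssha is the offline counterpart of trying ldapwhoami with the old password: it shows why a userPassword that has not been replaced still accepts the old password.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SSHA_PREFIX = "{SSHA}"
SHA1_LEN = 20  # bytes in a SHA-1 digest; the remaining bytes are the salt


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build an OpenLDAP {SSHA} value: base64(SHA1(password + salt) + salt).

    slappasswd uses a random 4-byte salt; a fixed salt may be passed
    to get reproducible output (used in the demo below).
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(password: str, stored: str) -> bool:
    """Return True if password matches the stored {SSHA} value.

    The salt is recovered from the tail of the decoded value, the
    candidate digest is recomputed and compared in constant time.
    """
    if not stored.startswith(SSHA_PREFIX):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len(SSHA_PREFIX):])
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def rootpw_ldif(ssha: str, database: str = "{1}hdb") -> str:
    """LDIF for step 1: replace olcRootPW on the database entry in cn=config."""
    return (
        f"dn: olcDatabase={database},cn=config\n"
        "changetype: modify\n"
        "replace: olcRootPW\n"
        f"olcRootPW: {ssha}\n"
    )


def userpassword_ldif(ssha: str, admin_dn: str) -> str:
    """LDIF for step 2: replace userPassword on the admin entry itself."""
    return (
        f"dn: {admin_dn}\n"
        "changetype: modify\n"
        "replace: userPassword\n"
        f"userPassword: {ssha}\n"
    )


if __name__ == "__main__":
    admin_dn = "cn=admin,dc=itthon,dc=cucc"  # DN from the post
    # Constructed demo: an "old" hash we pretend is still on the admin entry,
    # and the new hash for the password "titok" from the post.
    old_hash = make_ssha("forgotten-old-password", salt=b"\x01\x02\x03\x04")
    new_hash = make_ssha("titok")

    print("# step 1: pwd.ldif, apply with ldapmodify -Y EXTERNAL -H ldapi:///")
    print(rootpw_ldif(new_hash))
    print("# step 2: pwd2.ldif, apply with ldapmodify -x -D <rootdn> -W")
    print(userpassword_ldif(new_hash, admin_dn))

    # Until step 2 is applied, the old userPassword still verifies.
    print("old password accepted by old userPassword:",
          check_ssha("forgotten-old-password", old_hash))
    print("new password accepted by new hash:", check_ssha("titok", new_hash))
    print("old password accepted by new hash:",
          check_ssha("forgotten-old-password", new_hash))
```

Run it with python3 and redirect the two printed fragments into pwd.ldif and pwd2.ldif, or feed them to ldapmodify with -f /dev/stdin. To confirm on the live server that only the new password works, bind with it and with any candidate old password using ldapwhoami -x -D cn=admin,dc=itthon,dc=cucc -W; after step 2 the old one must be rejected.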

Further reading:
http://web.archiveorange.com/archive/v/rG8zF2KvwbNQFCHGLqTB#0moY6hzyoMMRJ9e
http://ubuntuforums.org/showthread.php?t=1054966
