20.7. Managing the Directory Manager Password
The Directory Manager is the privileged database administrator, comparable to the root user in Linux. The Directory Manager entry and the corresponding password are set during the instance installation.
The default distinguished name (DN) of the Directory Manager is cn=Directory Manager.
20.7.1. Resetting the Directory Manager Password
If you lose the Directory Manager password, reset it:
- Stop the Directory Server instance:
  # dsctl instance_name stop
- Generate a new password hash. For example:
  # pwdhash -D /etc/dirsrv/slapd-instance_name password
  {PBKDF2_SHA256}AAAgABU0bKhyjY53NcxY33ueoPjOUWtl4iyYN5uW...
  Specifying the path to the Directory Server configuration automatically uses the password storage scheme set in the nsslapd-rootpwstoragescheme attribute to encrypt the new password.
- Edit the /etc/dirsrv/slapd-instance_name/dse.ldif file and set the nsslapd-rootpw attribute to the value displayed in the previous step:
  nsslapd-rootpw: {PBKDF2_SHA256}AAAgABU0bKhyjY53NcxY33ueoPjOUWtl4iyYN5uW...
- Start the Directory Server instance:
  # dsctl instance_name start
20.7.2. Changing the Directory Manager Password
This section describes how to change the password of the Directory Manager account.
20.7.2.1. Changing the Directory Manager Password Using the Command Line
Use one of the following options to set the new password:
Important
Only set the password using an encrypted connection. Using an unencrypted connection can expose the password to the network. If your server does not support encrypted connections, use the web console to update the Directory Manager password. See Section 20.7.2.2, “Changing the Directory Manager Password Using the Web Console”.
- To set the nsslapd-rootpw parameter to a plain text value which Directory Server automatically encrypts:
  # dsconf -D "cn=Directory Manager" ldaps://server.example.com config replace nsslapd-rootpw=password
  Warning
  Do not use curly braces ({}) in the password. Directory Server stores the password in the {password-storage-scheme}hashed_password format. The server interprets characters in curly braces as the password storage scheme. If the string is an invalid storage scheme or if the password is not correctly hashed, the Directory Manager cannot connect to the server.
- To manually encrypt the password and set it in the nsslapd-rootpw parameter:
  - Generate a new password hash. For example:
    # pwdhash -D /etc/dirsrv/slapd-instance_name password
    {PBKDF2_SHA256}AAAgAMwPYIhEkQozTagoX6RGG5E7d6/6oOJ8TVty...
    Specifying the path to the Directory Server configuration automatically uses the password storage scheme set in the nsslapd-rootpwstoragescheme attribute to encrypt the new password.
  - Set the nsslapd-rootpw attribute to the value displayed in the previous step using a secure connection (STARTTLS):
    # dsconf -D "cn=Directory Manager" ldaps://server.example.com config replace nsslapd-rootpw="{PBKDF2_SHA256}AAAgAMwPYIhEkQozTagoX6RGG5E7d6/6oOJ8TVty..."
20.7.2.2. Changing the Directory Manager Password Using the Web Console
As the administrator, perform these steps to change the password:
- Open the Directory Server user interface in the web console. See Section 1.4, “Logging Into Directory Server Using the Web Console”.
- Select the instance.
- Open the Server Settings.menu, and select
- Open the Directory Manager tab.
- Enter the new password into the Directory Manager Password and Confirm Password fields.
- Optionally, set a different password storage scheme.
- Click.
20.7.3. Changing the Directory Manager Password Storage Scheme
The password storage scheme specifies which algorithm Directory Server uses to hash a password. To change the storage scheme using the command line, your server must support encrypted connections. If your server does not support encrypted connections, use the web console to set the storage scheme. See Section 20.7.3.2, “Changing the Directory Manager Password Storage Scheme Using the Web Console”.
Note that the storage scheme of the Directory Manager (nsslapd-rootpwstoragescheme) can be different than the scheme used to encrypt user passwords (nsslapd-pwstoragescheme).
For a list of supported password storage schemes, see the corresponding section in the Red Hat Directory Server Configuration, Command, and File Reference.
Note
If you change the Directory Manager's password storage scheme you must also reset its password. Existing passwords cannot be re-encrypted.
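One way to check the result of the dse.ldif edit from Section 20.7.1 and to spot a Directory Manager password that was not reset after a storage scheme change, as the note above requires. This is an added example, not part of the product documentation: the function names and return codes are made up for it, the sample values are constructed, and it assumes nsslapd-rootpw is stored as plain LDIF text rather than base64 (::).

```shell
#!/bin/sh
# Added example (not from the product documentation): audit the Directory
# Manager password stored in a copy of dse.ldif.
# Return codes chosen for this example: 0 ok, 1 nsslapd-rootpw missing,
# 2 value not in {scheme}hash form, 3 hash scheme differs from
# nsslapd-rootpwstoragescheme (password not reset after a scheme change).

# LDIF folds long lines; a continuation line starts with one space.
# Password hashes are long enough to be folded, so unfold before matching.
unfold_ldif() {
    sed -e ':a' -e '$!N' -e 's/\n //' -e 'ta' -e 'P' -e 'D' "$1"
}

# Print the first value of an attribute; the name is matched case-insensitively.
attr_value() {
    unfold_ldif "$1" | awk -v want="$2" '
        { i = index($0, ": ") }
        i > 0 && tolower(substr($0, 1, i - 1)) == tolower(want) {
            print substr($0, i + 2); exit
        }'
}

upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }

check_rootpw() {
    pw=$(attr_value "$1" nsslapd-rootpw)
    want=$(attr_value "$1" nsslapd-rootpwstoragescheme)
    [ -n "$pw" ] || { echo "nsslapd-rootpw not found"; return 1; }
    case $pw in
        "{"?*"}"?*) ;;   # {SCHEME} followed by a non-empty hash
        *) echo "nsslapd-rootpw is not in {scheme}hash form"; return 2 ;;
    esac
    have=${pw#?}          # drop the leading "{"
    have=${have%%\}*}     # keep everything before the first "}"
    if [ -n "$want" ] && [ "$(upper "$have")" != "$(upper "$want")" ]; then
        echo "hash uses $have but storage scheme is $want: reset the password"
        return 3
    fi
    echo "ok: $have"
}

# Constructed sample: the scheme was switched to PBKDF2_SHA256, but the stored
# hash (dummy value, folded across two lines) still carries the old prefix.
sample=$(mktemp)
printf '%s\n' 'dn: cn=config' \
    'nsslapd-rootpwstoragescheme: PBKDF2_SHA256' \
    'nsslapd-rootpw: {SSHA}CONSTRUCTEDDUMMYVALUE' ' CONSTRUCTEDTAIL==' > "$sample"
check_rootpw "$sample" || echo "check_rootpw returned $?"
rm -f "$sample"
```

Run it against a copy of dse.ldif while the instance is stopped, so that the file is not being rewritten by the server during the check.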
20.7.3.1. Changing the Directory Manager Password Storage Scheme Using the Command Line
If your server supports encrypted connections, perform these steps to change the password storage scheme:
- Generate a new password hash that uses the new storage scheme. For example:
  # pwdhash -s PBKDF2_SHA256 password
  {PBKDF2_SHA256}AAAgAMwPYIhEkQozTagoX6RGG5E7d6/6oOJ8TVty...
- Set the nsslapd-rootpwstoragescheme attribute to the storage scheme and the nsslapd-rootpw attribute to the value displayed in the previous step using a secure connection (STARTTLS):
  # dsconf -D "cn=Directory Manager" ldap://server.example.com config replace nsslapd-rootpwstoragescheme=PBKDF2_SHA256 nsslapd-rootpw="{PBKDF2_SHA256}AAAgAMwPYIhEkQozTagoX6RGG5E7d6/6oOJ8TVty..."
20.7.3.2. Changing the Directory Manager Password Storage Scheme Using the Web Console
Perform these steps to change the password using the web console:
- Open the Directory Server user interface in the web console. See Section 1.4, “Logging Into Directory Server Using the Web Console”.
- Select the instance.
- Open the Server Settings.menu, and select
- Open the Directory Manager tab.
- Set the password storage scheme.
- Directory Server cannot re-encrypt the current password using the new storage scheme. Therefore, enter a new password into the Directory Manager Password and Confirm Password field.
- Click.
20.7.4. Changing the Directory Manager DN
As the administrator, perform the following step to change the Directory Manager DN to cn=New Directory Manager:
# dsconf -D "cn=Directory Manager" ldap://server.example.com config replace nsslapd-rootdn="cn=New Directory Manager"
Note that Directory Server supports changing the Directory Manager DN only by using the command line.