Chapter 3. Changing the Directory Manager password
The Directory Manager is the privileged database administrator, comparable to the root
user in a Linux operating system. The Directory Manager entry and the corresponding password are set during the instance installation. As an administrator, you can change the Directory Manager password to use a different one.
3.1. Changing the Directory Manager password using the command line
You can set a new password for the Directory Manager using the dsconf
command line utility or manually by setting the nsslapd-rootpw
parameter.
Set the password using an encrypted connection only. Using an unencrypted connection can expose the password to the network. If your server does not support encrypted connections, use the web console to update the Directory Manager password.
Procedure
Set the Directory Manager password using one of the following options:
To encrypt the password automatically:
# dsconf -D "cn=Directory Manager" ldaps://server.example.com config replace nsslapd-rootpw=password
Directory Server automatically encrypts the plain text value that you set in the
nsslapd-rootpw
parameter.WarningDo not use curly braces
{}
in the password. Directory Server stores the password in the{password-storage-scheme}hashed_password
format. The server interprets characters in curly braces as the password storage scheme. If the string is an invalid storage scheme or if the password is not correctly hashed, the Directory Manager cannot connect to the server.To encrypt the password manually:
Generate a new password hash. For example:
# pwdhash -D /etc/dirsrv/slapd-instance_name password {PBKDF2_SHA256}AAAgAMwPYIhEkQozTagoX6RGG5E7d6/6oOJ8TVty...
The password is encrypted using the password storage scheme set in the
nsslapd-rootpwstoragescheme
attribute of the Directory Server instance configuration.Using a STARTTLS connection, set the
nsslapd-rootpw
attribute to the value displayed in the previous step:# dsconf -D "cn=Directory Manager" ldaps://server.example.com config replace nsslapd-rootpw="{PBKDF2_SHA256}AAAgAMwPYIhEkQozTagoX6RGG5E7d6/6oOJ8TVty..."
Additional resources
3.2. Changing the Directory Manager password using the web console
You can set a new password for the Directory Manager using the web console.
Prerequisites
- You are logged in to the instance in the web console.
Procedure
-
Open the
menu. -
Enter the new password into the
Directory Manager Password
andConfirm Password
fields. - Optional: Set a different password storage scheme.
- Click .