directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <elecha...@gmail.com>
Subject Re: [ApacheDS] set admin password
Date Sat, 31 Jul 2010 01:34:09 GMT
  On 7/31/10 1:24 AM, William Dauphin wrote:
> I am new to ApacheDS.  I want to set the admin password from the default “secret”
and hoped I could configure this.

You can.

>   I can only find information on doing this from a UI (Apache Directory Studio, JXplorer..)
which I don’t want to do because I want to do it behind the scenes in an install package.
You mean : while installing the server ?
>   I have seen references to setting it in a server.xml but can’t seem to find any clear
examples or format.  My questions are:
>
> 1)      Can I set it in the server.xml and if so how?  The only server.xml file I see
is at Apache Directory Server\instances\default\conf
Nope. The password is stored into an Entry, which is not configured by 
the configuration file.
> 2)      I don’t want to store it in clear text.  If I can store it in the server.xml
or similar can it be encrypted?
You can modify the uid=admin,ou=system entry, storing an encrypted 
password into it. The easiest way to do it is to use Studio, as 
explained on 
http://directory.apache.org/apacheds/1.5/142-changing-the-admin-password.html.

If you can't launch Studio on the server - which is obviously a possible 
case for a server running no X11 - you can still use a command line 
utility like ldap-modify to do so :
http://tldp.org/HOWTO/LDAP-HOWTO/utilities.html

In order to store an encrypted password, you have to store the 
encryption method in front of the encrypted password, in curly bracets. 
The best is to use Studio to generate this encrypted password, and to 
copy paste it into your entry before sending this entry to the server. 
You can even do the full manipulation inside Studio :
- launch a server in studio
- connect to it
- modify the local password
- extract the uid=admin entry as LDIF
- now use this LDIF to create the modificatio to inject to the target 
server.

We do not support yet the Password Modify extended operatio in ADS (RFC 
3062) sadly...

Hope it helps...
>
> Thanks,
> Doug 		 	   		


-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com


Mime
View raw message