directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From William Dauphin <>
Subject RE: [ApacheDS] set admin password
Date Mon, 02 Aug 2010 15:10:08 GMT

Yes that does help.  Thanks for the quick reply.   A command line utility should work fine
for what I need.  
To answer your question, yes while installing the server.  In my installation package I wanted
the user to give me the password they wanted to use and then go set it somewhere in a configuration
file.  Then I was using the following ant task to install ApacheDS
<target name="InstallDirectoryService">
<exec dir="${ds.dir}\bin" executable="${ds.dir}\bin\apacheds.exe">
<arg value="-i" />
<arg value="${ds.dir}\conf\apacheds.conf" />
<arg value="set.INSTANCE_HOME=${ds.dir}\instances" />
<arg value="set.APACHEDS_HOME=${ds.dir}" />
<arg value="set.INSTANCE=default" />
But I can install ApacheDS and then run the command line utility for the same results.  
> Date: Sat, 31 Jul 2010 03:34:09 +0200
> From:
> To:
> Subject: Re: [ApacheDS] set admin password
> On 7/31/10 1:24 AM, William Dauphin wrote:
> > I am new to ApacheDS. I want to set the admin password from the default “secret”
and hoped I could configure this.
> You can.
> > I can only find information on doing this from a UI (Apache Directory Studio, JXplorer..)
which I don’t want to do because I want to do it behind the scenes in an install package.
> You mean : while installing the server ?
> > I have seen references to setting it in a server.xml but can’t seem to find any
clear examples or format. My questions are:
> >
> > 1) Can I set it in the server.xml and if so how? The only server.xml file I see
is at Apache Directory Server\instances\default\conf
> Nope. The password is stored into an Entry, which is not configured by 
> the configuration file.
> > 2) I don’t want to store it in clear text. If I can store it in the server.xml
or similar can it be encrypted?
> You can modify the uid=admin,ou=system entry, storing an encrypted 
> password into it. The easiest way to do it is to use Studio, as 
> explained on 
> If you can't launch Studio on the server - which is obviously a possible 
> case for a server running no X11 - you can still use a command line 
> utility like ldap-modify to do so :
> In order to store an encrypted password, you have to store the 
> encryption method in front of the encrypted password, in curly bracets. 
> The best is to use Studio to generate this encrypted password, and to 
> copy paste it into your entry before sending this entry to the server. 
> You can even do the full manipulation inside Studio :
> - launch a server in studio
> - connect to it
> - modify the local password
> - extract the uid=admin entry as LDIF
> - now use this LDIF to create the modificatio to inject to the target 
> server.
> We do not support yet the Password Modify extended operatio in ADS (RFC 
> 3062) sadly...
> Hope it helps...
> >
> > Thanks,
> > Doug 
> -- 
> Regards,
> Cordialement,
> Emmanuel Lécharny
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message