A typical command would look like this:
ldappasswd -H ldap://localhost -x -D "cn=admin,dc=example,dc=com" -W -A -S
But there is also this:
This is extracted from here: http://techiezone.rottigni.net/2011/12/change-root-dn-password-on-openldap/
First, we need to find a way to locate the credentials information of the administrator account in the correct database within the LDAP tree. This can be done using the command:
ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config olcRootDN=cn=admin,dc=example,dc=com dn olcRootDN olcRootPW
(replace olcRootDN value with the correct value to match your configuration)
This command will return:
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: olcDatabase={1}hdb,cn=config
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: {SHA}ksixAVfgRXavGCpkPefc6hRHL4X=
We now have two interesting pieces of information:
- we need to modify the entry “dn: olcDatabase={1}hdb,cn=config“
- the current password is hashed with the SHA1 algorithm.
Therefore we need to generate our new password with the same algorithm, using the slappasswd command with the syntax:
slappasswd -h <the hashing scheme we want to use - for example {SHA}>
The system will then prompt us twice for the new password to use and will finally display the hashed value we’re interested in (example below with password = password)
# slappasswd -h {SHA}
New password:
Re-enter new password:
{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
Then we’ll proceed to modify the entry we’ve identified above using the command:
# ldapmodify -Y EXTERNAL -H ldapi:///
The system will start the listening mode for modifying commands:
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
First, we enter the entry we want to modify:
dn: olcDatabase={1}hdb,cn=config
Second, we type in the parameter we want to modify:
replace: olcRootPW
Third, we type in the new password generated above (copy and paste is MUCH less error prone than manual typing at this point 😉 )
olcRootPW: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
Hit Enter another time to commit the modification and the following line will appear:
modifying entry "olcDatabase={1}hdb,cn=config"
After this, you can exit the listening mode with CTRL+C
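The {SHA} value generated above is only the base64 of an unsalted SHA-1 digest, so the same password always produces the same olcRootPW string. The following added example (Python, not part of the original post or the quoted article) reproduces that value and contrasts it with the salted {SSHA} format, which is slappasswd's default scheme when -h is omitted. The function names and the 8-byte salt length are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

SALT_LEN = 8  # assumption for this example; any non-empty random salt works

def make_sha(password: str) -> str:
    """Unsalted {SHA}: base64(SHA1(password)). Same password, same value."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()

def make_ssha(password: str, salt: bytes = b"") -> str:
    """Salted {SSHA}: base64(SHA1(password + salt) + salt)."""
    salt = salt or os.urandom(SALT_LEN)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify(password: str, stored: str) -> bool:
    """Check a candidate password against a {SHA} or {SSHA} value."""
    scheme, sep, b64 = stored.partition("}")
    scheme = (scheme + sep).upper()
    if scheme not in ("{SHA}", "{SSHA}"):
        raise ValueError("unsupported scheme: " + scheme)
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return False  # malformed base64
    digest, salt = raw[:20], raw[20:]  # SHA-1 digests are 20 bytes
    # {SHA} must carry no salt, {SSHA} must carry one
    if len(digest) != 20 or bool(salt) != (scheme == "{SSHA}"):
        return False
    expected = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    page_value = "{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g="  # hash shown on this page
    print(make_sha("password") == page_value)  # unsalted: reproducible by anyone
    a, b = make_ssha("password"), make_ssha("password")
    print(a != b, verify("password", a), verify("password", b))
```

Because olcRootPW is readable by anyone who can query cn=config as root, a salted scheme keeps two identical passwords from showing up as identical stored values.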