--On Thursday, November 19, 2020 11:41 AM +0000 Клеусов
Владимир Сергеевич <[email protected]> wrote:
Hi.
How do I change the admin password correctly and not break replication ?
=)
here when setting up replication the password was mentioned
It appears you've set up cn=config replication. I would warn that
replicating cn=config in OpenLDAP 2.4 has known issues and is not advised.
Replicating an underlying binary db (such as a back-mdb database) is fine.
In the latter case, best practice is to use a replication specific identity
for doing the replication and not the rootdn.
As far as your overall question goes, you would want to:
a) update the olcRootPW value in cn=config
b) update the olcSyncrepl attribute values with the new password
Something like:
ldapmodify <options>
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: mynewpassword
-
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncRepl: ....
olcSyncRepl: ....
I would note that these updates should not affect/break *existing*
replication connections. I.e., there would be no effect until slapd is
restarted.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
