= iPlanet Administrative Account Passwords =

There are two administrative accounts utilized by iPlanet to manage an iPlanet
install and its individual directory instances:

 * ''admin''
 * cn=Directory Manager

The ''admin'' account grants access to the iPlanet console, through which directory
instances can be created and deleted.

The Directory Manager account grants full access to a particular directory instance.

== Administrative Passwords ==
Both passwords are stored in encrypted form in various iPlanet-related configuration
files:

 /e01/iplanet/servers/admin-serv/config/local.conf
 /e01/iplanet/servers/slapd-<server><Inst>/config/dse.ldif

However, the passwords should always be changed via the iPlanet console.

<<ssh to "e" box>>
{{{
$ export DISPLAY=<yourIP>:0.0
$ startadmin
$ startconsole
# make your password changes via console, then exit
$ stopadmin
}}}
The admin and Directory Manager passwords are local to an iPlanet install and
directory instance. They are *NOT* replicated. Therefore, these passwords
must be changed independently on each "e" box and in each directory instance.
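
Because the passwords are not replicated, a missed instance is easy to overlook. The following is an added example, not part of the original page or of iPlanet itself: it compares a pre-change snapshot of each instance's dse.ldif with the current file and reports instances whose stored Directory Manager credential did not change. It assumes the credential is held in the `nsslapd-rootpw` attribute with a `{SCHEME}` prefix; the instance names and values are constructed.

```python
import base64
import re

def root_pw_value(ldif_text):
    """Return the stored nsslapd-rootpw value from dse.ldif text, or None."""
    # LDIF folds long lines: a continuation line starts with one space.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    for line in unfolded.splitlines():
        # Assumed attribute name; does not match nsslapd-rootpwstoragescheme.
        m = re.match(r"(?i)nsslapd-rootpw(::?)\s*(.*)$", line)
        if m:
            value = m.group(2).strip()
            if m.group(1) == "::":  # '::' marks a base64-encoded value
                value = base64.b64decode(value).decode("utf-8", "replace")
            return value
    return None

def storage_scheme(value):
    """Return the {SCHEME} prefix upper-cased, or 'CLEARTEXT' if there is none."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}", value or "")
    return m.group(1).upper() if m else "CLEARTEXT"

def audit_rotation(before, after):
    """before/after map instance name -> dse.ldif text. Return {instance: finding}."""
    findings = {}
    for name, new_text in after.items():
        new = root_pw_value(new_text)
        old = root_pw_value(before.get(name, ""))
        if new is None:
            findings[name] = "no nsslapd-rootpw found"
        elif storage_scheme(new) == "CLEARTEXT":
            findings[name] = "stored in clear text"
        elif new == old:
            findings[name] = "unchanged since snapshot"
        else:
            findings[name] = "rotated (%s)" % storage_scheme(new)
    return findings

# Constructed sample data (not from a real server): two instances, with a folded value.
OLD = ("dn: cn=config\nnsslapd-rootdn: cn=Directory Manager\n"
       "nsslapd-rootpw: {SSHA}constructed-old-\n value==\n")
BEFORE = {"slapd-a": OLD, "slapd-b": OLD}
AFTER = {"slapd-a": OLD.replace("old", "new"), "slapd-b": OLD}

if __name__ == "__main__":
    for name, finding in sorted(audit_rotation(BEFORE, AFTER).items()):
        print(name, "->", finding)  # findings only; stored values are never printed
```
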

== CRITICAL NOTE ==
The Directory Manager account is utilized by the back end to EDIR/AUTHSERV to
perform restricted actions not currently granted to individuals. For that reason,
follow this procedure when changing the Directory Manager password:

 1. Request server be quiesced in applicable Equalizer clusters
 2. Change Directory Manager password via iPlanet console
 3. Bounce directory

 https://donnelly.alaska.edu/docs/LDAP/LDAP_starting_stopping

 4. Change the Directory Manager password utilized by the back end to EDIR/AUTHSERV

 (see ~iplanet .*pass)

 5. Confirm Directory Manager access continues to function with new password

 ldap_queryProd "(ou=routing)" dn

 6. Request server be activated in applicable Equalizer clusters
###########################[[br]]
20081028 elm