wiki:LDAP_admin_passwords

Version 1 (modified by lttoth@…, 9 years ago)

--

iPlanet Administrative Account Passwords

There are two administrative accounts utilized by iPlanet to manage an iPlanet install and its individual directory instances:

  • admin
  • cn=Directory Manager

The admin account grants access to the iPlanet console through which directory instances can be created/deleted.

The Directory Manager account grants full access to a particular directory instance.

Administrative Passwords

Both passwords are stored in encrypted form in various iPlanet-related config files:

  /e01/iplanet/servers/admin-serv/config/local.conf
  /e01/iplanet/servers/slapd-<server><Inst>/config/dse.ldif

However, the passwords should always be changed via the iPlanet console.

<<ssh to "e" box>>

$ export DISPLAY=<yourIP>:0.0
$ startadmin
$ startconsole
	# make your password changes via console, then exit
$ stopadmin

The admin and Directory Manager passwords are local to an iPlanet install and directory instance. They are *NOT* replicated. Therefore, these passwords must be changed independently on each "e" box and in each directory instance.
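Because the stored value is per instance and lives in each instance's dse.ldif, a post-change audit can confirm that every instance holds a hashed Directory Manager password in a file only its owner can read. The script below is an added example, not part of the original wiki page; the function names are hypothetical, and it assumes the password sits in the nsslapd-rootpw attribute of dse.ldif (the attribute name is not given on this page).

```shell
#!/bin/sh
# Added example: audit how the Directory Manager password is stored per instance.
# Assumption: the value is held in the nsslapd-rootpw attribute of dse.ldif.

# Print the storage scheme of nsslapd-rootpw ("SSHA", ...), or CLEARTEXT when
# the value has no {scheme} prefix, BASE64 when LDIF-encoded, MISSING if absent.
rootpw_scheme() {
    awk '
        # LDIF folds long values onto continuation lines starting with a space.
        /^ / { if (inpw) val = val substr($0, 2); next }
        { inpw = 0 }
        tolower($0) ~ /^nsslapd-rootpw:/ {
            inpw = 1; found = 1; val = $0; sub(/^[^:]*:/, "", val)
        }
        END {
            if (!found) { print "MISSING"; exit }
            if (val ~ /^:/) { print "BASE64"; exit }  # "attr::" = base64 value
            sub(/^[ \t]+/, "", val)
            i = index(val, "}")
            if (substr(val, 1, 1) == "{" && i > 2) print toupper(substr(val, 2, i - 2))
            else print "CLEARTEXT"
        }' "$1"
}

# Succeed only when group and others have no access bits on the file.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Report one instance; non-zero exit when something needs review.
audit_instance() {
    scheme=$(rootpw_scheme "$1")
    status=OK
    case $scheme in CLEARTEXT|MISSING|BASE64) status=REVIEW ;; esac
    owner_only "$1" || status=REVIEW
    echo "$status scheme=$scheme file=$1"
    [ "$status" = OK ]
}

# Passwords are not replicated, so walk every instance under the install root
# (default is the path used on this page).
audit_all() {
    root=${1:-/e01/iplanet/servers}
    rc=0
    for f in "$root"/slapd-*/config/dse.ldif; do
        [ -f "$f" ] || continue
        audit_instance "$f" || rc=1
    done
    return $rc
}
```

Source the file on each "e" box and run audit_all; any line marked REVIEW points at an instance whose dse.ldif should be inspected by hand.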

CRITICAL NOTE

The Directory Manager account is utilized by the back end to EDIR/AUTHSERV to perform restricted actions not currently granted to individuals. For that reason, follow this procedure when changing the Directory Manager password:

  1. Request server be quiesced in applicable Equalizer clusters
  2. Change Directory Manager password via iPlanet console
  3. Bounce directory

     https://donnelly.alaska.edu/docs/LDAP/LDAP_starting_stopping

  4. Change Directory Manager password utilized by back end to EDIR/AUTHSERV

     (see ~iplanet .*pass)

  5. Confirm Directory Manager access continues to function with new password

     ldap_queryProd "(ou=routing)" dn

  6. Request server be activated in applicable Equalizer clusters

###########################
20081028 elm