It is best practice to remember passwords, but because too many passwords, sometimes we forget.
We are not encouraged to write the password on any paper or share the password via email. This can lead to more serious security issues.
As a system administrator, sometimes forget the password to manage the directory service. Usually it use admin or Directory Manager’s password.
The normal user password is stored in Directory Server database and can be modified with tool such as ldapmodify and through 389 Directory Server client Console.
Directory Manager’s password stored in the directory server configuration file and can be seen (if you lose) and modified by editing the file.
If you forget the Directory Manager’s password, it’s pretty easy to reset it. You will have to edit the main server config file (dse.ldif).
This article shows how to check or reset the Directory Manager password on RHEL 7 or CentOS 7.
Steps to Reset the Directory Manager Password
1. You must stop the directory service. If the server is running when the configuration file (dse.ldif) are modified, the changes will be lost and not applied.
# systemctl stop [yourinstance]
2. Next, generate the new password using the pwdhash command :
# /usr/bin/pwdhash yournewpassword
Note : This will print out the hashed password string using the default directory manager password hashing scheme for your instance (SSHA by default).
3. In the configuration directory, open dse.ldif.
# cd /etc/dirsrv/slapd-instancename # vi dse.ldif
4. Locate the nsslapd-rootpw parameter. Replace old directory manager password with the generated your new password in step 2 above :
nsslapd-rootpw: {SSHA}123s0doP1i0VgQMm8jMjGw72AzVEzyLJS9sj34==
5. Save the changes and start the directory service :
# systemctl start [yourinstance]
6. Log into the Console again as Directory Manager, and verify the password.