Google Answers Logo
View Question
Q: How to reset the root/master LDAP password ( Answered 5 out of 5 stars,   0 Comments )
Subject: How to reset the root/master LDAP password
Category: Computers > Programming
Asked by: flight553-ga
List Price: $30.00
Posted: 04 Feb 2003 17:09 PST
Expires: 06 Mar 2003 17:09 PST
Question ID: 157402
I am running Linux Redhat 7.3, with the follwowing LDAP RPMs:


PAM uses LDAP for authentication and holding information about users
on the system (UID, GID, homedir, shell) instead of /etc/passwd and

I need to change the master LDAP user's password where cn=root
I believe that the name being "root" is a coincidence and is not the
same as the unix user "root", since the unix root user has a different
password than the one that is currently allowed to connect to the LDAP

Some background information: I have a perl script that is part of a
program that is used when changing information in the LDAP directory
by first connecting to LDAP with priveleges to modify anything.
Relevant perl code showing the connection using the password that I
need to have changed is here:

use Net::LDAPS;
my $ldap = undef;

sub anon_bind()
  $ldap = Net::LDAPS->new("", port => 636, verify =>
  $result = $ldap->bind();
  if($result->code) { return 0; }
  return $ldap;

sub root_bind()
  if(!$ldap) { $ldap = anon_bind(); }
  $result = $ldap->bind("cn=root,dc=myhost,dc=com", password =>
  return $ldap;

It is that $changeme password that I need to change in LDAP. I think
changing it is done with the ldapmodify command, but I am not sure.

My question is: Please show me how to change the cn=root password on
my LDAP directory.

Request for Question Clarification by maniac-ga on 04 Feb 2003 18:00 PST
Hello Flight553,

Hmm. If I understand the set up properly, the "rootpw" is stored in
the file
and cannot be changed through the normal LDAP interfaces. Once this
file is updated, use
  /etc/init.d/ldap restart   [or stop followed by start]
to reload the updated configuration file to make the rootpw change.

For references, see

To confirm this interpretation, you may want to try the gq LDAP client
and see if you can browse / change the rootpw value.

Would you be interested in some suggestions on how to do this remotely
or do you want a more detailed search on how to do this through the
LDAP interfaces.


Clarification of Question by flight553-ga on 04 Feb 2003 23:38 PST
Your Request for Clarification was enough to help me change the rootpw
on my LDAP directory. This is my first time using Google Answers, so I
did not hit Close Question because I want to make sure you get paid
for your answer.

One thing while changing the password, I tried using an {SSHA} style
passwd as recommended in the docs you showed me (generated by a perl
script on same site), but it did not work, and I got "no write access
to parent". I re-tried using an md5_crypt {crypt} passwd generated by
another perl script on the same site and that one worked, so I can
bind to LDAP with the new changed passwd, which is what I wanted to

But do you know why the recommended SSHA passwd was not usable? (this
extra question is not necessary for you to answer in order to be paid)

As soon as I see something to click on here that says you have
answered, I will do so. Thanks.
Subject: Re: How to reset the root/master LDAP password
Answered By: maniac-ga on 05 Feb 2003 15:38 PST
Rated:5 out of 5 stars
Hello Flight553,

Thank you for the nice comments and let me take a shot at the
additional question as well.

The root password needs to be in a format that is supported by the
various utilities. I did a quick check of Red Hat's site, comparing
the following to documents:
for RH 7.3 (your version) and
for RH 8.0.

The latter has an example of the root password using SSHA, the former
has an older style crypt password. It may be that you need a more
recent version to use SSHA on your LDAP server. In both cases, it
recommends the use of slappasswd to generate the password to use here.
You may try that instead of the perl script.

For further information, I used the following types of searches to
produce the question clarification request and this answer:
  change root ldap password linux
  ldap password linux
  rootpw slapd ssha
There are a number of good resources on line and I only touched on a
few of them.

Don't hesitate to ask for a clarification on this and good luck with
your work.

flight553-ga rated this answer:5 out of 5 stars
This researcher's Request for Clarification contained enough
information to fully solve my problem. I think that LDAP is a cryptic
and powerful software and I thought my question was fairly complicated
and obscure, but this researcher answered it fully within hours of my
asking it. This was a great first experience using Google Answers.

There are no comments at this time.

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  

Google Home - Answers FAQ - Terms of Service - Privacy Policy