Some forums I searched talked about resetting the Service Manager password via the DSCC console. What a joke! :) I can't even log in, so how can I reset the password via the DSCC console?
Changing password via DSCC console
There are 2 ways to resolve this issue:
1. To dismantle and initialize DSCC again
bash-3.00# ./dsccsetup dismantle
:
bash-3.00# ./dsccsetup initialize
:
Registration is on-going. Please wait...
DSCC is registered in Sun Java(TM) Web Console
:
DSCC agent has been successfully registered in Cacao.
***
Choose password for Directory Service Manager:
Confirm password for Directory Service Manager:
Creating DSCC registry...
DSCC Registry has been created successfully
***
Simple. But of course, the previous configuration of registered servers is gone. You need to register them again.
2. Change password via CLI
Some basic concepts first.
bash-3.00# ./dsccsetup status
***
:
DSCC Registry has been created
Path of DSCC registry is /var/opt/SUNWdsee/dscc6/dcc/ads
Port of DSCC registry is 3998
***
- DSCC configuration is stored in an LDAP database on port 3998
- The Service Manager is known as cn=admin,cn=Administrators,cn=dscc in this LDAP database (see screenshot above)
- The "cn=Directory Manager" credential is required to modify the Service Manager password
- The funny thing is that the default password for "cn=Directory Manager" is the same as the Directory Service Manager password (see dsccsetup initialize above: the steps are so simple that it assumes both have the same password)
So we need to perform 2 steps:
Step 1 - Change the Directory Manager password
bash-3.00# /opt/SUNWdsee/ds6/bin/pwdhash -D /var/opt/SUNWdsee/dscc6/dcc/ads -s SHA password2
{SSHA}qFcXDQCKZ4u4GyrM8Uw4uGOHdsnVPP9MaC0WeQ==
bash-3.00# cd /var/opt/SUNWdsee/dscc6/dcc/ads/
bash-3.00# ./stop-slapd
bash-3.00# cd /var/opt/SUNWdsee/dscc6/dcc/ads/config
bash-3.00# cp dse.ldif dse.ldif.OLD
bash-3.00# vi dse.ldif
At dn: cn=config
Replace:
nsslapd-rootpw: {SSHA}guaZfnFtTHeT8EpWpBhuRlBCMLWpdgt0tBvfBw==
with:
nsslapd-rootpw: {SSHA}qFcXDQCKZ4u4GyrM8Uw4uGOHdsnVPP9MaC0WeQ==
bash-3.00# cd /var/opt/SUNWdsee/dscc6/dcc/ads/
bash-3.00# ./start-slapd
Step 2 - Change the Service Manager password
bash-3.00# ldapmodify -p 3998 -D "cn=Directory Manager"
Enter bind password:
dn: cn=admin,cn=Administrators,cn=dscc
changetype: modify
replace: userPassword
userPassword: password2 <-- Rest assured. This password will be hashed during modification.
modifying entry cn=admin,cn=Administrators,cn=dscc
Done!
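The vi edit in Step 1 can also be scripted so that only the nsslapd-rootpw line under "dn: cn=config" changes, and dse.ldif is left alone unless exactly one line matched. This is an added example, not part of the original post: set_rootpw and write_sample are hypothetical helper names, the sample LDIF is constructed, and a POSIX awk is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Run only while the instance is stopped.
# Assumes a POSIX awk (on Solaris use nawk or /usr/xpg4/bin/awk).

# set_rootpw FILE HASH: replace nsslapd-rootpw in the "dn: cn=config" entry only.
# A backup is kept as FILE.OLD, as in the manual procedure.
set_rootpw() {
    file=$1 hash=$2
    case $hash in
        '{SSHA}'?*) ;;                        # only accept an already-hashed value
        *) echo "refusing: not an {SSHA} hash" >&2; return 2 ;;
    esac
    cp -p "$file" "$file.OLD" || return 1
    tmp=$file.new.$$
    ( umask 077                               # the temp copy holds a password hash
      NEWHASH=$hash awk '
        /^dn:/ { in_cfg = (tolower($0) ~ /^dn:[ \t]*cn=config[ \t]*$/) }
        /^$/   { in_cfg = 0 }                 # a blank line ends an LDIF entry
        in_cfg && tolower($0) ~ /^nsslapd-rootpw:/ {
            print "nsslapd-rootpw: " ENVIRON["NEWHASH"]; n++; next
        }
        { print }
        END { exit (n == 1 ? 0 : 3) }         # exactly one line must change
      ' "$file.OLD" > "$tmp" )
    rc=$?
    if [ "$rc" -ne 0 ]; then
        rm -f "$tmp"
        echo "expected exactly one nsslapd-rootpw under cn=config; $file unchanged" >&2
        return "$rc"
    fi
    cat "$tmp" > "$file" && rm -f "$tmp"      # overwrite in place: owner and mode kept
}

# Constructed sample: a cut-down dse.ldif with a decoy attribute in another entry.
write_sample() {
    cat > "$1" <<'EOF'
dn: cn=config
objectClass: top
nsslapd-port: 3998
nsslapd-rootdn: cn=Directory Manager
nsslapd-rootpw: {SSHA}guaZfnFtTHeT8EpWpBhuRlBCMLWpdgt0tBvfBw==

dn: cn=decoy,cn=config
nsslapd-rootpw: {SSHA}must-not-change
EOF
}

if [ "$#" -eq 2 ]; then set_rootpw "$1" "$2"; fi
```

Passing the {SSHA} value rather than the clear-text password keeps the plain password out of this script's arguments; a value without the {SSHA} prefix is refused.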

I am trying to do this procedure, but when I try to change the Service Manager password it says to me: ldap_modify: No exits such object

Have you initialized DSCC in the first place? It seems like the entry "dn: cn=admin,cn=Administrators,cn=dscc" does not even exist.

Hi. Thanks for the article, explanation is superb!

I am trying to reset my DSCC password but I do not have dn: cn=admin,cn=Administrators,cn=dscc in my dse.ldif. Do I need to create it? If yes, how?

Are you in the correct folder? You should not be going to the data folder. The correct folder is where the ADS is. e.g. /var/opt/SUNWdsee/dscc6/dcc/ads/config

Generally can we have two different passwords for port 389 & port 3998?

Is it a valid scenario to have two different passwords specific to port?
Is there any documentation supporting that two ports having two different passwords is a valid scenario?

No.

Is it a valid scenario to have two different passwords specific to port?

My company policy does not allow any shared/generic account. Can I disable this "admin" account (I can set up individual accounts for administrators)? Or at least make this account "locked" so that no one can log on to this account?