> dsconf slapd-YOUR_INSTANCE directory_manager password_change --> this
> will prompt you for the new password
That did the trick, thanks a lot!
It also made me curious how the actual format for 'nsslapd-rootpw' was and it turns out I wasn't off with '{crypt}$6$...':
# dsconf localhost config get | grep rootpw
nsslapd-rootpw: {crypt}.mR.LkShcdNcJbAFPE.10PKJ7EFD4hB0C33znHyIjgPF67IxNVNKgkKDiuuxQq/
nsslapd-rootpwstoragescheme: CRYPT-SHA512
However, I noticed that the hash was not what I fed into dsconf. So it turns out that one _can_ set the rootpw through dsconf but it has to be in plain text:
# dsconf localhost config replace nsslapd-rootpwstoragescheme=CRYPT-SHA512 nsslapd-rootpw="secret"
Successfully replaced "nsslapd-rootpwstoragescheme"
Successfully replaced "nsslapd-rootpw"
# dsconf localhost config get | grep rootpw
nsslapd-rootpw: {crypt}$6$bW$Gea8I1Xoi.zkkGWBvrIxIm41G3/90hX2L4H3hMt18js7VzkT14YNuNtY4Ueao181O/MfPuPn4TmyQFcGZIThI.
nsslapd-rootpwstoragescheme: CRYPT-SHA512
Since I'd like to change the password non-interactively this seems a bit easier than fiddling around with 'dsconf slapd-YOUR_INSTANCE directory_manager password_change' which doesn't seem to have an option to read the password from stdin?
I did some more research and switching from PBKDF2_SHA256 to CRYPT-SHA512 probably has no significant security benefit anyway so in the end this was a bit of an academic exercise. If someone has an opinion on that, I'd be interested to hear that though.
Thanks again Mark for your quick help.
Cheers!
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
