[ApacheDS] set admin password

Discussion:

William Dauphin

2010-07-30 23:24:18 UTC

I am new to ApacheDS. I want to set the admin password from the default secret and hoped I could configure this. I can only find information on doing this from a UI (Apache Directory Studio, JXplorer..) which I dont want to do because I want to do it behind the scenes in an install package. I have seen references to setting it in a server.xml but cant seem to find any clear examples or format. My questions are:

1) Can I set it in the server.xml and if so how? The only server.xml file I see is at Apache Directory Server\instances\default\conf
2) I dont want to store it in clear text. If I can store it in the server.xml or similar can it be encrypted?

Thanks,
Doug

Emmanuel Lecharny

2010-07-31 01:34:09 UTC

Permalink

I am new to ApacheDS. I want to set the admin password from the default “secret” and hoped I could configure this.

You can.

I can only find information on doing this from a UI (Apache Directory Studio, JXplorer..) which I don’t want to do because I want to do it behind the scenes in an install package.

You mean : while installing the server ?

1) Can I set it in the server.xml and if so how? The only server.xml file I see is at Apache Directory Server\instances\default\conf

Nope. The password is stored into an Entry, which is not configured by
the configuration file.

2) I don’t want to store it in clear text. If I can store it in the server.xml or similar can it be encrypted?

You can modify the uid=admin,ou=system entry, storing an encrypted
password into it. The easiest way to do it is to use Studio, as
explained on
http://directory.apache.org/apacheds/1.5/142-changing-the-admin-password.html.

If you can't launch Studio on the server - which is obviously a possible
case for a server running no X11 - you can still use a command line
utility like ldap-modify to do so :
http://tldp.org/HOWTO/LDAP-HOWTO/utilities.html

In order to store an encrypted password, you have to store the
encryption method in front of the encrypted password, in curly bracets.
The best is to use Studio to generate this encrypted password, and to
copy paste it into your entry before sending this entry to the server.
You can even do the full manipulation inside Studio :
- launch a server in studio
- connect to it
- modify the local password
- extract the uid=admin entry as LDIF
- now use this LDIF to create the modificatio to inject to the target
server.

We do not support yet the Password Modify extended operatio in ADS (RFC
3062) sadly...

Hope it helps...

Thanks,
Doug

--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

William Dauphin

2010-08-02 15:10:08 UTC

Permalink

Yes that does help. Thanks for the quick reply. A command line utility should work fine for what I need.

To answer your question, yes while installing the server. In my installation package I wanted the user to give me the password they wanted to use and then go set it somewhere in a configuration file. Then I was using the following ant task to install ApacheDS

<target name="InstallDirectoryService">
<exec dir="${ds.dir}\bin" executable="${ds.dir}\bin\apacheds.exe">
<arg value="-i" />
<arg value="${ds.dir}\conf\apacheds.conf" />
<arg value="set.INSTANCE_HOME=${ds.dir}\instances" />
<arg value="set.APACHEDS_HOME=${ds.dir}" />
<arg value="set.INSTANCE=default" />
</exec>
</target>

But I can install ApacheDS and then run the command line utility for the same results.

Thanks,
Doug

Date: Sat, 31 Jul 2010 03:34:09 +0200
Subject: Re: [ApacheDS] set admin password

I am new to ApacheDS. I want to set the admin password from the default secret and hoped I could configure this.

You can.

I can only find information on doing this from a UI (Apache Directory Studio, JXplorer..) which I dont want to do because I want to do it behind the scenes in an install package.

You mean : while installing the server ?

1) Can I set it in the server.xml and if so how? The only server.xml file I see is at Apache Directory Server\instances\default\conf

Nope. The password is stored into an Entry, which is not configured by
the configuration file.

2) I dont want to store it in clear text. If I can store it in the server.xml or similar can it be encrypted?

You can modify the uid=admin,ou=system entry, storing an encrypted
password into it. The easiest way to do it is to use Studio, as
explained on
http://directory.apache.org/apacheds/1.5/142-changing-the-admin-password.html.
If you can't launch Studio on the server - which is obviously a possible
case for a server running no X11 - you can still use a command line
http://tldp.org/HOWTO/LDAP-HOWTO/utilities.html
In order to store an encrypted password, you have to store the
encryption method in front of the encrypted password, in curly bracets.
The best is to use Studio to generate this encrypted password, and to
copy paste it into your entry before sending this entry to the server.
- launch a server in studio
- connect to it
- modify the local password
- extract the uid=admin entry as LDIF
- now use this LDIF to create the modificatio to inject to the target
server.
We do not support yet the Password Modify extended operatio in ADS (RFC
3062) sadly...
Hope it helps...

Thanks,
Doug

--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Emmanuel Lecharny

2010-08-02 15:20:36 UTC

Permalink

Post by William Dauphin
But I can install ApacheDS and then run the command line utility for the same results.

I'm afraid you have to do that...

--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

William Dauphin

2010-08-02 19:38:40 UTC

Permalink

I am not sure if this is the right place for this question or not:

So I am trying to use the apacheds-tools to change the admin password via the command line by doing:

java -jar apacheds-tools.jar import -f ..\..\modify_attribute.ldif -w secret --e

with the following ldif file contents:

dn: uid=admin,ou=system
changetype: modify
replace: userPassword
userPassword: testing

But get the following excpetion:

log4j:WARN No appenders could be found for logger (org.apache.directory.shared.ldap.codec.bind.SimpleAuthentication).
log4j:WARN Please initialize the log4j system properly.
Exception in thread "main" org.apache.directory.shared.asn1.codec.EncoderException: The PDU buffer size is too small !
at org.apache.directory.shared.ldap.codec.modify.ModifyRequestCodec.encode(ModifyRequestCodec.java:499)
at org.apache.directory.shared.ldap.codec.LdapMessageCodec.encode(LdapMessageCodec.java:677)
at org.apache.directory.server.tools.ImportCommand.changeModifyEntry(ImportCommand.java:445)
at org.apache.directory.server.tools.ImportCommand.changeEntry(ImportCommand.java:497)
at org.apache.directory.server.tools.ImportCommand.execute(ImportCommand.java:697)
at org.apache.directory.server.tools.ApachedsTools.main(ApachedsTools.java:118)

Any ideas why I get this error?

Thanks,
Doug

Date: Mon, 2 Aug 2010 17:20:36 +0200
Subject: Re: [ApacheDS] set admin password

Post by William Dauphin
But I can install ApacheDS and then run the command line utility for the same results.

I'm afraid you have to do that...
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Kiran Ayyagari

2010-08-02 19:42:47 UTC

Permalink

hi William,

sadly the tools project was not updated in a long time as we decided to
focus on more important issues.

Did you try studio to import data?

Kiran Ayyagari

Post by William Dauphin
java -jar apacheds-tools.jar import -f ..\..\modify_attribute.ldif -w secret --e
dn: uid=admin,ou=system
changetype: modify
replace: userPassword
userPassword: testing
log4j:WARN No appenders could be found for logger (org.apache.directory.shared.ldap.codec.bind.SimpleAuthentication).
log4j:WARN Please initialize the log4j system properly.
Exception in thread "main" org.apache.directory.shared.asn1.codec.EncoderException: The PDU buffer size is too small !
at org.apache.directory.shared.ldap.codec.modify.ModifyRequestCodec.encode(ModifyRequestCodec.java:499)
at org.apache.directory.shared.ldap.codec.LdapMessageCodec.encode(LdapMessageCodec.java:677)
at org.apache.directory.server.tools.ImportCommand.changeModifyEntry(ImportCommand.java:445)
at org.apache.directory.server.tools.ImportCommand.changeEntry(ImportCommand.java:497)
at org.apache.directory.server.tools.ImportCommand.execute(ImportCommand.java:697)
at org.apache.directory.server.tools.ApachedsTools.main(ApachedsTools.java:118)
Any ideas why I get this error?
Thanks,
Doug

Date: Mon, 2 Aug 2010 17:20:36 +0200
Subject: Re: [ApacheDS] set admin password

Post by William Dauphin
But I can install ApacheDS and then run the command line utility for the same results.

I'm afraid you have to do that...
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

William Dauphin

2010-08-02 20:01:53 UTC

Permalink

Well I am writing an installation package that installs many parts (jre, Apache Server, ApacheDS, Tomcat, web application...) and am attempting to require as few installer UI's and other tools (Studio) from showing up on top of my installer. That is why I am trying to get a command line tool to work.

Thanks,
Doug

Date: Tue, 3 Aug 2010 01:12:47 +0530
Subject: Re: [ApacheDS] set admin password
hi William,
sadly the tools project was not updated in a long time as we decided to
focus on more important issues.
Did you try studio to import data?
Kiran Ayyagari

Date: Mon, 2 Aug 2010 17:20:36 +0200
Subject: Re: [ApacheDS] set admin password

Post by William Dauphin
But I can install ApacheDS and then run the command line utility for the same results.

I'm afraid you have to do that...
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Kiran Ayyagari

2010-08-02 20:09:30 UTC

Permalink

interesting, btw, writing such a tool using client-api is very simple,
just take a look at
the tests present in ldap-client-test module.
feel free to ping us if you need any help

Kiran Ayyagari

Thanks,
Doug

Date: Mon, 2 Aug 2010 17:20:36 +0200
Subject: Re: [ApacheDS] set admin password

Post by William Dauphin
But I can install ApacheDS and then run the command line utility for the same results.

I'm afraid you have to do that...
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

William Dauphin

2010-08-02 22:00:23 UTC

Permalink

FYI, got it working using Ldifde with the following command line which will only work on Windows Server 2003 and 2008 I think:

ldifde -i -f "your\file\path\modify_attribute.ldif" -s localhost:10389 -a uid=admin,ou=system secret

Thanks,
Doug

Date: Tue, 3 Aug 2010 01:39:30 +0530
Subject: Re: [ApacheDS] set admin password

Post by William Dauphin
Well I am writing an installation package that installs many parts (jre, Apache Server, ApacheDS, Tomcat, web application...) and am attempting to require as few installer UI's and other tools (Studio) from showing up on top of my installer. That is why I am trying to get a command line tool to work.

interesting, btw, writing such a tool using client-api is very simple,
just take a look at
the tests present in ldap-client-test module.
feel free to ping us if you need any help
Kiran Ayyagari

Post by William Dauphin
Thanks,
Doug

Date: Mon, 2 Aug 2010 17:20:36 +0200
Subject: Re: [ApacheDS] set admin password

Post by William Dauphin
But I can install ApacheDS and then run the command line utility for the same results.

I'm afraid you have to do that...
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

William Dauphin

2010-08-02 22:10:01 UTC

Permalink

ok, it works with apache-tools.jar as well. My ldif file was missing a "-" at the end which the Ldifde helped me find.

LDIF file looks as follows:

dn: uid=admin,ou=system
changetype: modify
replace: userPassword
userPassword: testing

-

Thanks,
Doug

Subject: RE: [ApacheDS] set admin password
Date: Mon, 2 Aug 2010 17:00:23 -0500
ldifde -i -f "your\file\path\modify_attribute.ldif" -s localhost:10389 -a uid=admin,ou=system secret
Thanks,
Doug

Date: Tue, 3 Aug 2010 01:39:30 +0530
Subject: Re: [ApacheDS] set admin password

interesting, btw, writing such a tool using client-api is very simple,
just take a look at
the tests present in ldap-client-test module.
feel free to ping us if you need any help
Kiran Ayyagari

Thanks,
Doug