How to reset the cn=root directory password for Symantec Security Information Manager v4.x
Article ID: 177307
Updated On:
Products
Issue/Introduction
You do not remember the password for cn=root or you would like to change the password for the directory.
Resolution
Depending on your version of Symantec Security Information Manager you will need to do one of the following sets of commands:
Set 1: All versions of SSIM except SSIM 4.7.4 Patch 13 use the following commands:
From a remote access connection or a putty session login or su to root. At the command prompt type:
- # service ibmldap stop
- When the service has stopped type
- # idsdnpw
You will then be prompted to "Enter the directory server administrator password:" and at that time at the command prompt type the new password. The password will not echo or appear on the screen and then you will see the following lines:
- # You have chosen to perform the following actions:
# You have chosen to perform the following actions:
GLPDPW005I The directory server administrator password will be set.
Do you want to....
(1) Continue with the above actions, or
(2) Exit without making any changes:
Type 1 and press enter and you will then see the following lines
- GLPDPW006I Setting the directory server administrator password.
GLPDPW007I Set the directory server administrator password.
#
At the prompt type
- # service ibmldap start
Once the service has restarted the password will be changed.
Note: To verify the password is changed, before you stop the ibmldap service type the following command at the prompt:
#more /dbsesa/ldapdb2/idsslapd-ldapdb2/etc/ibmslapd.conf
and make a note of the following line:
ibm-slapdAdminPW: <Hashed password>
Afer you have restarted the ibmldap service check the line again and the <Hashed password>
Set 2: SSIM 4.7.4 Patch 13
From a remote access connection or a putty session login or su to root, at the command prompt type:
- # service ibmldap stop
# ps -ef | grep ibmdiradm (To find the PID number of the ibmdiradm service)
# Kill -3 <pid of ibmdiradm>
# idsdnpw
You will then be prompted to "Enter the directory server administrator password:" and at that time at the command prompt type the new password. The password will not echo or appear on the screen and then you will see the following lines: # You have chosen to perform the following actions:
# You have chosen to perform the following actions:
GLPDPW005I The directory server administrator password will be set.
Do you want to....
(1) Continue with the above actions, or
(2) Exit without making any changes:
Type 1 and press enter and you will then see the following lines
- GLPDPW006I Setting the directory server administrator password.
GLPDPW007I Set the directory server administrator password.
#
At the prompt type:
- # /opt/ibm/ldap/V6.1/sbin/32/ibmdiradm -I ldapdb2 # start ibmdiradm
# service ibmldap start
Once the services have restarted the password will be changed.
Note: To verify the password is changed, before you stop the ibmldap service type the following command at the prompt:
#more /dbsesa/ldapdb2/idsslapd-ldapdb2/etc/ibmslapd.conf
and make a note of the following line:
ibm-slapdAdminPW: <Hashed password>
Afer you have restarted the ibmldap service check the line again and the <Hashed password>will be different.
Feedback
