6.5. Resetting the Directory Manager Password

Passwords are stored in the Directory Server databases and can be modified with tools like ldapmodify and through the Directory Server Console. The Directory Manager password, by contrast, is stored as a hashed value in the Directory Server configuration file, dse.ldif, and can be viewed (if lost) and modified by editing that file. To check or reset the Directory Manager password:
  1. Stop the Directory Server. If the Directory Server is not stopped when the configuration files are edited, the changes are not applied.
    # service dirsrv stop
  2. Generate a new, hashed password using pwdhash. On Linux, the tool is in the /usr/bin directory. For example:
    # /usr/bin/pwdhash newpassword
  3. In the configuration directory, open the dse.ldif file. For example:
    # vim /etc/dirsrv/slapd-instance_name/dse.ldif
  4. Locate the nsslapd-rootpw parameter.
    nsslapd-rootpw: {SSHA}x03lZLMyOPaGH5VB8fcys1IV+TVNbBIOwZEYoQ==
    Delete the old password, and enter the new hashed password. For example:
    nsslapd-rootpw: {SSHA}nbR/ZeVTwZLw6aJH6oE4obbDbL0OaeleUoT21w==
  5. Save the change.
  6. Start the Directory Server. For example:
    # service dirsrv start
  7. When the Directory Server restarts, log in to the Console again as Directory Manager, and verify that the password works.
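
One way to confirm, between steps 5 and 6, that the value pasted into nsslapd-rootpw really corresponds to the intended password and was not truncated while editing. This is an added example, not part of the original guide or of the Directory Server tooling. It assumes the {SSHA} value is base64(SHA-1(password + salt) + salt); the function names are hypothetical, and make_line only builds a constructed sample in place of real pwdhash output.

```python
import base64
import hashlib
import hmac

SHA1_LEN = 20  # SHA-1 digest size in bytes; the salt follows the digest


def parse_rootpw(line):
    """Split an 'nsslapd-rootpw: {SSHA}...' line into (digest, salt)."""
    attr, _, value = line.strip().partition(":")
    if attr.strip().lower() != "nsslapd-rootpw":
        raise ValueError("not an nsslapd-rootpw line")
    value = value.strip()
    if not value.startswith("{SSHA}"):
        raise ValueError("only the {SSHA} scheme is handled here")
    # validate=True rejects stray characters left behind by a bad paste
    raw = base64.b64decode(value[len("{SSHA}"):], validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("value too short: truncated paste or missing salt")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def matches(line, password):
    """True if password hashes to the digest stored in the line."""
    digest, salt = parse_rootpw(line)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def make_line(password, salt):
    """Build a constructed sample line (assumed stand-in for pwdhash output)."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    blob = base64.b64encode(digest + salt).decode("ascii")
    return "nsslapd-rootpw: {SSHA}" + blob


if __name__ == "__main__":
    import getpass
    import sys
    # Usage: python check_rootpw.py /etc/dirsrv/slapd-instance_name/dse.ldif
    with open(sys.argv[1]) as f:
        lines = [l for l in f if l.lower().startswith("nsslapd-rootpw:")]
    # The password is read with getpass so it stays out of the shell history.
    ok = len(lines) == 1 and matches(lines[0], getpass.getpass("Password: "))
    print("match" if ok else "NO MATCH - do not start the server yet")
    sys.exit(0 if ok else 1)
```

A non-zero exit status means the file holds no single nsslapd-rootpw line in {SSHA} form that matches the password typed at the prompt, so the entry should be corrected before the server is started.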