= iPlanet Administrative Account Passwords =

iPlanet uses two administrative accounts to manage an iPlanet install and its individual directory instances:

 * ''admin''
 * cn=Directory Manager

The ''admin'' account grants access to the iPlanet console, through which directory instances can be created and deleted. The Directory Manager account grants full access to a particular directory instance.

== Administrative Passwords ==

Both passwords are stored in encrypted form in various iPlanet-related config files:

{{{
/e01/iplanet/servers/admin-serv/config/local.conf
/e01/iplanet/servers/slapd-/config/dse.ldif
}}}

However, the passwords should always be changed via the iPlanet console.

{{{
$ export DISPLAY=:0.0
$ startadmin
$ startconsole
# make your password changes via console, then exit
$ stopadmin
}}}

The admin and Directory Manager passwords are local to an iPlanet install and directory instance. They are *NOT* replicated. Therefore, these passwords must be changed independently on each "e" box and in each directory instance.

== CRITICAL NOTE ==

The Directory Manager account is utilized by the back end to EDIR/AUTHSERV to perform restricted actions not currently granted to individuals. For that reason, follow this procedure when changing the Directory Manager password:

 1. Request that the server be quiesced in the applicable Equalizer clusters
 1. Change the Directory Manager password via the iPlanet console
 1. Bounce the directory: https://donnelly.alaska.edu/docs/LDAP/LDAP_starting_stopping
 1. Change the Directory Manager password utilized by the back end to EDIR/AUTHSERV (see ~iplanet .*pass)
 1. Confirm that Directory Manager access continues to function with the new password: {{{ldap_queryProd "(ou=routing)" dn}}}
 1. Request that the server be activated in the applicable Equalizer clusters

###########################[[br]]
20081028 elm
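
Because the Directory Manager password is stored per instance in dse.ldif and is not replicated, each instance can be checked on its own after a change. The script below is an added example, not part of the original page: it reports the storage scheme of the stored password without printing the value. Assumptions: the attribute is named `nsslapd-rootpw` (the usual name in Netscape-derived directory servers; the page does not name it), GNU `base64` is available, the function names are hypothetical, the "salted SHA only" policy is illustrative, and the sample LDIF is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): report how the Directory
# Manager password (assumed attribute: nsslapd-rootpw) is stored in a
# dse.ldif, without ever printing the stored value.

# rootpw_scheme FILE -> prints the scheme (e.g. SSHA), CLEARTEXT or MISSING.
rootpw_scheme() {
    # Unfold LDIF continuation lines (leading space) for this one attribute.
    line=$(awk '
        /^ / { if (hit) val = val substr($0, 2); next }
        hit  { exit }
        tolower($0) ~ /^nsslapd-rootpw:/ { hit = 1; val = $0 }
        END  { if (hit) print val }' "$1")
    [ -n "$line" ] || { echo MISSING; return 0; }
    rest=${line#*:}
    case $rest in
        :*) val=$(printf '%s' "${rest#:}" | tr -d ' ' | base64 -d) ;;  # "::" means base64
        *)  val=$(printf '%s' "$rest" | sed 's/^ *//') ;;
    esac
    case $val in
        "{"*"}"*) printf '%s\n' "$val" | sed 's/^{\([^}]*\)}.*/\1/' | tr '[:lower:]' '[:upper:]' ;;
        *)        echo CLEARTEXT ;;
    esac
}

# audit_rootpw FILE -> exit 0 only for salted SHA schemes (assumed policy;
# adjust to the site standard). Everything else is flagged for review.
audit_rootpw() {
    scheme=$(rootpw_scheme "$1")
    case $scheme in
        SSHA*) echo "OK   $1: $scheme"; return 0 ;;
        *)     echo "WARN $1: $scheme"; return 1 ;;
    esac
}

# Constructed sample (folded line, fake hash) so the script runs stand-alone.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
dn: cn=config
nsslapd-rootdn: cn=Directory Manager
nsslapd-rootpw: {SSHA}Q09OU1RSVUNURUQtRVhBTVBMRS1
 OT1QtQS1SRUFMLUhBU0g=
nsslapd-rootpwstoragescheme: SSHA
EOF
audit_rootpw "$sample"
```

To audit a real instance, call `audit_rootpw` with the path to that instance's dse.ldif on each box.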