Version 1 (modified by lttoth@…, 10 years ago)
iPlanet Administrative Account Passwords
There are two administrative accounts utilized by iPlanet to manage an iPlanet install and its individual directory instances:
- admin
- cn=Directory Manager
The admin account grants access to the iPlanet console through which directory instances can be created/deleted.
The Directory Manager account grants full access to a particular directory instance.
Administrative Passwords
Both passwords are stored in encrypted form in various iPlanet-related config files:
/e01/iplanet/servers/admin-serv/config/local.conf
/e01/iplanet/servers/slapd-<server><Inst>/config/dse.ldif
However, the passwords should always be changed via the iPlanet console.
<<ssh to "e" box>>
$ export DISPLAY=<yourIP>:0.0
$ startadmin
$ startconsole
# make your password changes via console, then exit
$ stopadmin
The admin and Directory Manager passwords are local to an iPlanet install and directory instance. They are *NOT* replicated. Therefore, these passwords must be changed independently on each "e" box and in each directory instance.
CRITICAL NOTE
The Directory Manager account is utilized by the back end to EDIR/AUTHSERV to perform restricted actions not currently granted to individuals. For that reason, follow this procedure when changing the Directory Manager password:
- Request server be quiesced in applicable Equalizer clusters
- Change Directory Manager password via iPlanet console
- Bounce directory
https://donnelly.alaska.edu/docs/LDAP/LDAP_starting_stopping
- Change Directory Manager password utilized by back end to EDIR/AUTHSERV
(see ~iplanet .*pass)
- Confirm Directory Manager access continues to function with new password
ldap_queryProd "(ou=routing)" dn
- Request server be activated in applicable Equalizer clusters
###########################
20081028 elm
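Because these passwords are not replicated, an instance is easy to miss during a change. The following is an added example (not part of the original page or of any iPlanet tooling) that checks offline whether a given dse.ldif already holds the new Directory Manager password. It assumes the value is stored under the nsslapd-rootpw attribute with the salted SHA-1 {SSHA} scheme; other schemes are reported but not verified, and all sample data is constructed.

```python
import base64
import hashlib
import hmac

def unfold(ldif_text):
    """Join LDIF continuation lines (newline + one space continues a line)."""
    return ldif_text.replace("\r\n", "\n").replace("\n ", "").splitlines()

def root_password_value(ldif_text):
    """Return the stored nsslapd-rootpw value (attribute name is an assumption)."""
    for line in unfold(ldif_text):
        name, sep, rest = line.partition(":")
        if sep and name.strip().lower() == "nsslapd-rootpw":
            if rest.startswith(":"):  # "attr:: <base64>" LDIF form
                return base64.b64decode(rest[1:].strip()).decode()
            return rest.strip()
    return None

def check_instance(ldif_text, new_password):
    """Classify one instance: updated, stale, missing, no-scheme, unsupported:<scheme>."""
    value = root_password_value(ldif_text)
    if value is None:
        return "missing"
    if not value.startswith("{"):
        return "no-scheme"  # no {SCHEME} prefix on the value; treat as a finding
    scheme, _, encoded = value[1:].partition("}")
    if scheme.upper() != "SSHA":
        return "unsupported:" + scheme  # reported, not verified here
    blob = base64.b64decode(encoded)
    digest, salt = blob[:20], blob[20:]  # 20-byte SHA-1 digest, then the salt
    candidate = hashlib.sha1(new_password.encode() + salt).digest()
    return "updated" if hmac.compare_digest(digest, candidate) else "stale"

def make_ssha(password, salt):
    """Build a {SSHA} value; used only to construct the sample input below."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

# Constructed sample data (made-up passwords, not from any real server).
NEW_PW = "constructed-new-pw"
NEW_HASH = make_ssha(NEW_PW, b"\x01\x02\x03\x04\x05\x06\x07\x08")
UPDATED = "dn: cn=config\nnsslapd-rootpw: " + NEW_HASH[:20] + "\n " + NEW_HASH[20:] + "\n"
STALE = "dn: cn=config\nnsslapd-rootpw: " + make_ssha("constructed-old-pw", b"salt") + "\n"

if __name__ == "__main__":
    for label, text in (("instance-a", UPDATED), ("instance-b", STALE)):
        print(label, check_instance(text, NEW_PW))
```

In real use, read each instance's dse.ldif on each "e" box and take the new password from `getpass.getpass()` rather than the command line, so it does not land in shell history or the process list.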