7.6. Resetting the Directory Manager Password
Passwords are stored in the Directory Server databases and can be modified with tools like ldapmodify and through the Directory Server Console. The Directory Manager password is stored in the Directory Server configuration files and can be viewed (if lost) and modified by editing that file. To check or reset the Directory Manager password, do the following:
Stop the Directory Server. If the Directory Server is not stopped when the configuration files are edited, the changes are not applied.
service dirsrv stop
Generate a new, hashed password using pwdhash. On Linux and Solaris, the tool is in the /usr/bin directory; on HP-UX, it is in the /opt/dirsrv/bin directory. For example:
/usr/bin/pwdhash newpassword
{SSHA}nbR/ZeVTwZLw6aJH6oE4obbDbL0OaeleUoT21w==
In the configuration directory, open the dse.ldif file. For example:
cd /etc/dirsrv/slapd-instance/
vi dse.ldif
Locate the nsslapd-rootpw parameter.
nsslapd-rootpw: {SSHA}x03lZLMyOPaGH5VB8fcys1IV+TVNbBIOwZEYoQ==
Delete the old password, and enter in the new hashed password. For example:
nsslapd-rootpw: {SSHA}nbR/ZeVTwZLw6aJH6oE4obbDbL0OaeleUoT21w==
Save the change.
Start the Directory Server. For example:
service redhat-ds start
When the Directory Server restarts, log into the Console again as Directory Manager, and verify that the password works.