If you forget the directory manager password or you want to change it, it’s pretty easy to reset it. Here are several ways to reset the Directory Manager password.
You can edit the main server configuration file (dse.ldif) to reset the password if you have forgotten it. But before you do that, you must shut down the server first. If the server is running and you edit dse.ldif, your changes will be lost!
For 389-ds-base-1.4.x use:
dsctl YOUR_INSTANCE stop
This will print out the hashed password string using the default Directory Manager password hashing scheme for your instance. Save the hashed password for the next step.
Go to your instance's configuration directory.
Edit the configuration file dse.ldif, then search for nsslapd-rootpw, and you will see a line like this:
Replace the value with the value printed out by pwdhash and save the file.
For 389-ds-base-1.4.x use:
dsctl YOUR_INSTANCE start
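The dse.ldif edit from the steps above, as an added example that is not part of the original page or the 389 Directory Server project. `set_rootpw` and `make_sample` are hypothetical helper names and the sample file is constructed. The helper removes a folded (continuation-line) old value, does not touch the similarly named `nsslapd-rootpwstoragescheme`, and refuses any new value that is not in `{SCHEME}hash` form so a cleartext password is never written to disk:

```shell
#!/bin/sh
# Added example; set_rootpw and make_sample are hypothetical helper names.

# Replace nsslapd-rootpw in FILE with HASH (run only while the instance is stopped).
set_rootpw() {
    file=$1 newhash=$2
    # Accept only "{SCHEME}data" so a cleartext password never lands in dse.ldif.
    case $newhash in
        '{'*'}'?*) ;;
        *) echo "refusing: not a {SCHEME}hash value" >&2; return 2 ;;
    esac
    tmp=$(mktemp "${file}.XXXXXX") || return 1   # mktemp creates it mode 0600
    NEWHASH=$newhash awk '
        skip && /^ / { next }            # folded continuation of the old value
        { skip = 0 }
        tolower($0) ~ /^nsslapd-rootpw:/ {
            print "nsslapd-rootpw: " ENVIRON["NEWHASH"]
            skip = 1; n++; next
        }
        { print }
        END { exit (n == 1 ? 0 : 1) }    # exactly one attribute expected
    ' "$file" > "$tmp" || {
        rm -f "$tmp"; echo "nsslapd-rootpw not found exactly once" >&2; return 1; }
    # Keep a backup, then overwrite in place so owner and mode stay unchanged.
    cp -p "$file" "${file}.bak" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample: a dse.ldif fragment whose old hash is folded over two lines.
make_sample() {
    cat > "$1" <<'EOF'
dn: cn=config
cn: config
nsslapd-rootdn: cn=Directory Manager
nsslapd-rootpwstoragescheme: CONSTRUCTED
nsslapd-rootpw: {CONSTRUCTED}b2xkLXZhbHVlLXBhcnQtb25lLW9sZC12YWx1ZS1wYXJ0LW9uZS1v
 bGQtdmFsdWUtcGFydC10d28=
nsslapd-port: 389
EOF
}
```

Call it as `set_rootpw PATH_TO_DSE_LDIF 'HASH_FROM_PWDHASH'` between the stop and start commands; the previous file is kept beside it with a `.bak` suffix.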
You can use ldapmodify to change the Directory Manager's password, and if you are on 389-ds-base-1.4.x you can use the new CLI tool dsconf.
dsconf has a nice interactive interface and it will automatically use the most secure protocol available on the server. This is only available on 389-ds-base-1.4.x.
dsconf -D "cn=Directory Manager" YOUR_INSTANCE directory_manager password_change
# dsconf -D "cn=Directory Manager" slapd-localhost directory_manager password_change
Enter password for cn=Directory Manager on localhost: <type something>
Enter new directory manager password : <type something new>
CONFIRM - Enter new directory manager password : <confirm something new>
Since you're updating the password over the network in clear text, you should be using LDAPS/StartTLS.
# ldapmodify -x -H "ldaps://server.example.com:636" -D "cn=directory manager" -w YOUR_CURRENT_PASSWORD
dn: cn=config
changetype: modify
replace: nsslapd-rootpw
nsslapd-rootpw: YOUR_NEW_PASSWORD
<press enter twice>