HowTo: How could i re-create the cn=admin?

MiracErde · March 29, 2023, 3:43pm

# How could i re-create the cn=admin?

1. Check if it really no longer there

slapcat | grep '^dn: cn=admin,'

Hint

Due to ACLs only cn=admin itself is allowed to access cn=admin itself. Using any other (authenticated) user will just not work.

2. If the entry is really gone, you can re-create it by stopping slapd and then using slapadd:

systemctl stop slapd.service

slapadd -n 1 <<__LDIF__
dn: cn=admin,$(ucr get ldap/base)
objectClass: top
objectClass: person
cn: admin
sn: admin
userPassword: univention123

__LDIF__

systemctl start slapd.service

3. Then change the password for that user

ldappasswd -H ldapi:/// -D "cn=admin,$(ucr get ldap/base)" -w univention123 -T /etc/ldap.secret

4. After fixing this should work

ldapsearch -xLLLo ldif-wrap=no -D "cn=admin,$(ucr get ldap/base)" -y /etc/ldap.secret -s base -b "cn=admin,$(ucr get ldap/base)"

MiracErde · March 29, 2023, 3:52pm