Q&A: How can I change the machine password from my ucs master?

ucs-4
qa
machine-secret

#1

Question:

How can I change the machine password from may ucs master. For example if you get
ldap_bind: Invalid credentials (49)
from a ldapsearch command.

Answer:

You can try the server-password change routine:


But in some cases this does not work anymore, if the password ist already wrong and the ldapaccess with the old machine.secret does not work, anymore you have to set the password manually.
You can use an old one, they are saved in /etc/machine.secret.old
or set a new one:

NEWPW=$( pwgen -s 20 1 )
OLDPW=$( cat /etc/machine.secret )
udm computers/domaincontroller_master modify --dn=cn=master,cn=dc,cn=computers,dc=schein,dc=me \
  --set password=$NEWPW
grep $OLDPW /etc/machine.secret.old || echo "$( date +%y%m%d%H%S ): $OLDPW" >>/etc/machine.secret.old
echo -n $NEWPW > /etc/machine.secret
unset NEWPW OLDPW

closed #2