The username (Bind DN property for LDAP data sources, User property for Database data sources) and/or password properties of a data source can be updated via an LDAP modify command. This modifies the configuration in the RadiantOne data source and does not modify any credentials in the backend. Updating data sources via LDAP requires the RadiantOne super user (cn=directory manager) credentials. The DN in the modification should be in the form of: id=<data_source_name>,cn=metads
Note – to update the RadiantOne credentials associated with the KDC account that is defined on Main Control Panel -> Settings -> Security -> Authentication Methods -> Kerberos Authentication, modify the username (user principal name) and/or password (service password) with a DN of “id=KDCconnect,cn=metads”. These special credentials are stored in ZooKeeper and updating the credentials via LDAP updates the kerberosUserPrincipalName and kerberosServicePassword properties in /radiantone/v1/cluster/config/vds_server.conf in ZooKeeper.
The LDAP attribute names to issue in the modify request for the Bind DN and password are: username and password respectively.
Two examples are shown below and leverage the ldapmodify command line utility. The syntax can be used to update LDAP data sources, database data sources, and custom data sources (that have properties named username and password).
Example 1: A configured LDAP data source named sun102 has the following username (BindDN) and password configured:
username: uid=sbuchanan,ou=People,dc=sun,dc=com
password: Radiant1
The following LDIF formatted file (named ldapmodify_update_datasource_sun.ldif) is created to update the password:
dn: id=sun102,cn=metads
changetype: modify
replace: password
password: radiantlogic
The following is the ldapmodify command that is run to update the password in the sun102 data source:
ldapmodify -h localhost -p 2389 -D "cn=directory manager" -w password -f ldapmodify_update_datasource_sun.ldif
modifying entry id=sun102,cn=metads
To verify the password update, go to the Main Control Panel -> Settings tab -> Server Backend -> LDAP Data Sources and edit the data source (e.g. sun102). Click Test Connection to confirm it succeeds. Also, validate that virtual views associated with this data source still work fine. This can be checked from the Directory Browser tab in the Main Control Panel.
Example 2: A configured LDAP data source named ad203 has the following username (BindDN) and password configured:
username: CN=Shelly Wilson,OU=Users,OU=Europe,DC=na,DC=radiantlogic,DC=com
password: Secret2
The following LDIF formatted file (named ldapmodify_update_datasource_username.ldif) is created to update the username and password:
dn: id=ad203,cn=metads
changetype: modify
replace: username
username: CN=Logan Oliver,OU=Users,OU=Europe,DC=na,DC=radiantlogic,DC=com
-
replace: password
password: Radiant1
The following is the ldapmodify command that is run to update the username and password in the ad203 data source:
ldapmodify -h localhost -p 2389 -D "cn=directory manager" -w password -f ldapmodify_update_datasource_username.ldif
modifying entry id=ad203,cn=metads
To verify the username and password update, go to the Main Control Panel -> Settings tab -> Server Backend -> LDAP Data Sources and edit the data source (e.g. ad203). Click Test Connection to confirm it succeeds. Also, validate that virtual views associated with this data source still work fine. This can be checked from the Directory Browser tab in the Main Control Panel.
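The LDIF files in both examples hold a cleartext password, and a new password that begins with a space, ':' or '<', ends with a space, or contains non-ASCII bytes has to be base64-encoded in LDIF. The following is an added example, not part of the original page or of the RadiantOne tooling, that generates the modify record with those cases handled. The function names, the file name, the NEW_PASSWORD variable and the allowed character set for data source names are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helpers). From the page: the DN form
# id=<data_source_name>,cn=metads and the attributes username and password.

# Print one LDIF attribute line. A value that is not an RFC 2849 safe string
# (leading space, ':' or '<'; trailing space; any byte outside printable
# ASCII, newlines included) is base64-encoded and written with '::'.
ldif_attr() (
    LC_ALL=C
    case $2 in
        ' '*|':'*|'<'*|*' '|*[!\ -~]*)
            printf '%s:: %s\n' "$1" "$(printf '%s' "$2" | base64 | tr -d '\n')" ;;
        *)
            printf '%s: %s\n' "$1" "$2" ;;
    esac
)

# Emit the modify record. An empty username or password argument leaves
# that property unchanged.
ds_credential_ldif() (
    ds=$1 user=$2 pass=$3
    # Assumption: data source names contain only these characters. A ',' or
    # newline in the name would alter the DN or inject extra LDIF lines.
    case $ds in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid data source name" >&2; exit 1 ;;
    esac
    [ -n "$user$pass" ] || { echo "nothing to change" >&2; exit 1; }
    printf 'dn: id=%s,cn=metads\nchangetype: modify\n' "$ds"
    if [ -n "$user" ]; then
        printf 'replace: username\n'
        ldif_attr username "$user"
        [ -z "$pass" ] || printf '%s\n' '-'
    fi
    if [ -n "$pass" ]; then
        printf 'replace: password\n'
        ldif_attr password "$pass"
    fi
)

# Write the record to a file readable only by its owner, since it holds a
# cleartext password. Arguments: file, data source, username, password.
write_ds_ldif() (
    umask 077; rm -f "$1"
    ds_credential_ldif "$2" "$3" "$4" > "$1" || { rm -f "$1"; exit 1; }
)

# Usage with the page's first example, then the page's ldapmodify command:
#   write_ds_ldif update.ldif sun102 '' "$NEW_PASSWORD"   # variable is assumed
#   ldapmodify ... -f update.ldif && rm -f update.ldif
```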