How do I update credentials in RadiantOne data sources using LDAP?

The username (Bind DN property for LDAP data sources, User property for Database data sources) and/or password properties of a data source can be updated via an LDAP modify command. This modifies the configuration in the RadiantOne data source and does not modify any credentials in the backend. Updating data sources via LDAP requires the RadiantOne super user (cn=directory manager) credentials. The DN in the modify should be in the form of: id=<data_source_name>,cn=metads

Note – to update the RadiantOne credentials associated with the KDC account that is defined on Main Control Panel -> Settings -> Security -> Authentication Methods -> Kerberos Authentication, modify the username (user principal name) and/or password (service password) with a DN of “id=KDCconnect,cn=metads”.  These special credentials are stored in ZooKeeper and updating the credentials via LDAP updates the kerberosUserPrincipalName and kerberosServicePassword properties in /radiantone/v1/cluster/config/vds_server.conf in ZooKeeper.

The LDAP attribute names to issue in the modify request for the Bind DN and password are: username and password respectively.

Two examples are shown below and leverage the ldapmodify command line utility. The syntax can be used to update LDAP data sources, database data sources and custom data sources (that have properties named username and password).

Example 1: A configured LDAP data source named sun102 has the following username (BindDN) and password configured:

username: uid=sbuchanan,ou=People,dc=sun,dc=com
password: Radiant1

The following LDIF formatted file (named ldapmodify_update_datasource_sun.ldif) is created to update the password:

dn: id=sun102,cn=metads
changetype: modify
replace: password
password: radiantlogic

The following is the ldapmodify command that is run to update the password in the sun102 data source:

ldapmodify -h localhost -p 2389 -D "cn=directory manager" -w password -f ldapmodify_update_datasource_sun.ldif
modifying entry id=sun102,cn=metads

To verify the password update, go to the Main Control Panel -> Settings tab -> Server Backend -> LDAP Data Sources and edit the data source (e.g. sun102). Click Test Connection to confirm it succeeds. Also validate that virtual views associated with this data source still work fine. This can be checked from the Directory Browser tab in the Main Control Panel.

Example 2: A configured LDAP data source named ad203 has the following username (BindDN) and password configured:

username: CN=Shelly Wilson,OU=Users,OU=Europe,DC=na,DC=radiantlogic,DC=com
password: Secret2

The following LDIF formatted file (named ldapmodify_update_datasource_username.ldif) is created to update the username and password:

dn: id=ad203,cn=metads
changetype: modify
replace: username
username: CN=Logan Oliver,OU=Users,OU=Europe,DC=na,DC=radiantlogic,DC=com
-
replace: password
password: Radiant1

The following is the ldapmodify command that is run to update the username and password in the ad203 data source:

ldapmodify -h localhost -p 2389 -D "cn=directory manager" -w password -f ldapmodify_update_datasource_username.ldif
modifying entry id=ad203,cn=metads

To verify the username and password update, go to the Main Control Panel -> Settings tab -> Server Backend -> LDAP Data Sources and edit the data source (e.g. ad203). Click Test Connection to confirm it succeeds. Also validate that virtual views associated with this data source still work fine. This can be checked from the Directory Browser tab in the Main Control Panel.
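
The LDIF files used in Examples 1 and 2 can be generated rather than typed by hand. The script below is an added example, not part of the original article or of RadiantOne's tooling; the function names (ldif_attr, make_ds_ldif, write_ds_ldif) are hypothetical, and it assumes the data source name contains only letters, digits, '.', '_' and '-'. It base64-encodes any value that LDIF cannot carry as plain text (RFC 2849) and writes the file with owner-only permissions, since it holds a cleartext password.

```shell
#!/bin/sh
# Added example: build the LDIF for a data source credential update
# (dn: id=<data_source_name>,cn=metads). Function names are hypothetical.

# Emit "attr: value", or "attr:: <base64>" when the value is not a
# plain LDIF SAFE-STRING (RFC 2849): leading space, ':' or '<', a
# trailing space, or any byte outside printable ASCII.
ldif_attr() {
    attr=$1 value=$2
    # Count bytes outside 0x20-0x7E (this also catches embedded newlines).
    odd=$(printf '%s' "$value" | LC_ALL=C tr -d ' -~' | wc -c)
    case $value in ' '*|':'*|'<'*|*' ') odd=1 ;; esac
    if [ "$((odd))" -gt 0 ]; then
        printf '%s:: %s\n' "$attr" "$(printf '%s' "$value" | base64 | tr -d '\n')"
    else
        printf '%s: %s\n' "$attr" "$value"
    fi
}

# Usage: make_ds_ldif <data_source_name> <new_password> [new_username]
make_ds_ldif() {
    name=$1 password=$2 username=${3-}
    [ -n "$name" ] && [ -n "$password" ] || return 2
    # Assumption: names are limited to these characters, so no DN
    # escaping is needed and a name cannot inject extra LDIF lines.
    case $name in *[!A-Za-z0-9_.-]*) return 2 ;; esac
    printf 'dn: id=%s,cn=metads\nchangetype: modify\n' "$name"
    if [ -n "$username" ]; then
        printf 'replace: username\n'
        ldif_attr username "$username"
        printf '%s\n' -
    fi
    printf 'replace: password\n'
    ldif_attr password "$password"
}

# Usage: write_ds_ldif <output_file> <data_source_name> <new_password> [new_username]
# The file contains a cleartext password, so create it owner-only.
write_ds_ldif() {
    out=$1; shift
    ( umask 077; make_ds_ldif "$@" > "$out" )
}
```

Delete the generated file once the ldapmodify run and the Test Connection check have succeeded.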
