By docteger on Dec 15, 2009
Since the password for
amadminis encoded and hashed it is hard to change the password once OpenSSO is installed as we don't offer the option or utility to encode and hash the password. Unofficially, there is a way to change the lost or forgotten password of
amadmin. It's not supported and this is the only thing written on it so be sure not to lose or forget your password. But just in case... BEFORE YOU BEGIN: The password for
amadminand Directory Manager of the configuration data store is the same by default. So before you can make any changes to the configuration data store, you will need to reset the password for the OpenDS Directory Manager. Use the
ldappasswordmodifycommand as illustrated:
$ ldappasswordmodify -h localhost -p 1389 --authzID "dn:cn=Directory Manager" --currentPassword mypassword --newPassword mynewpasswordIt should return:
The LDAP password modify operation was successfulNow follow these instructions to reconfigure the configuration data store using the new Directory Manager password when it is requested.
- Connect to the Configuration Data Store using an LDAPBROWSER client.
- Navigate to
--> ou=Services --> ou=iPlanetAMPlatformService --> ou=1.0 --> ou=GlobalConfig --> ou=Default --> ou=com-sun-identity-servers --> ou=http:// : /opensso
ou=http://. Its different attributes and associated values are displayed on the right. Note the value of attribute
serverconfig=am.encryption.pwd=password1234. If there is another instance of OpenSSO that has the same value for
am.encryption.pwdas this one, the passwords and encryptions are the same. Continue with step 5 to change the password. Otherwise, continue with step 4.
- Install an instance of OpenSSO in a test environment using the same value of
am.encryption.pwdas the one above.
- Connect to the Configuration Data Store on the temporary instance using an LDAPBROWSER client.
- Navigate to to
--> ou=Services --> ou= sunIdentityRepositoryService --> ou=1.0 --> ou=GlobalConfig --> ou=Default --> ou=users --> ou=amAdmin
. Its different attributes and associated values are displayed on the right. The value of
sunKeyValueis displayed as
- Navigate to the Configuration Data Store on which you want to change the password and replace the old value with this new one.
- Restart the web container.
- Login using the password of the temporary environment that was copied.