kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-04-21 23:42:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
computer-playbook/roles/docker-ldap/docs/Change_DN.md

3.5 KiB
Raw Blame History

Change Distinguished Name (DN) in OpenLDAP Docker

This document provides a step-by-step guide on how to rename the Distinguished Name (DN) from cn=administrator,dc=flock,dc=town to cn=administrator,dc=cymais,dc=cloud in an OpenLDAP Docker environment.

Reference: Conversation Link

1. Export the Current Entry

Connect to the OpenLDAP container and export the current entry:

docker exec -it ldap sh -c 'ldapsearch -x -D "$LDAP_ADMIN_DN" -w "$LDAP_ADMIN_PASSWORD" -b "$LDAP_ROOT"' > all_entries.ldif

If your LDAP_ADMIN_DN and LDAP_ROOT are not accured pass them via --env.

2. Modify the LDIF File

Open all_entries.ldif and update the DN (dn: line) and dc attributes.

  • Open the file in an editor (nano, vim, sed).
  • Replace all occurrences of dc=flock,dc=town with dc=cymais,dc=cloud.

Using sed to modify automatically:

sed -i 's/dc=flock,dc=town/dc=cymais,dc=cloud/g' all_entries.ldif

Before:

dn: cn=administrator,dc=flock,dc=town
cn: administrator
objectClass: organizationalRole
objectClass: simpleSecurityObject
userPassword: {SSHA}...

After:

dn: cn=administrator,dc=cymais,dc=cloud
cn: administrator
objectClass: organizationalRole
objectClass: simpleSecurityObject
userPassword: {SSHA}...

3. Delete the Old Entry

Generate a Recursive Delete LDIF

We need an LDIF file that deletes all objects under dc=flock,dc=town.

Instead of manually writing an LDIF file, you can use ldapsearch and awk to generate it dynamically:

docker exec -it ldap sh -c 'ldapsearch -x -D "cn=administrator,dc=flock,dc=town" -w "$LDAP_ADMIN_PASSWORD" -b "dc=flock,dc=town" dn' | awk "/^dn:/ {print \$2}" | tac > delete_all_dns.txt

This creates an ordered delete list, starting with child objects before deleting dc=flock,dc=town.

Apply the Recursive Delete

Now apply the generated delete_all.ldif to delete all entries recursively:

docker exec -i ldap sh -c '
while read dn; do
  ldapdelete -x -D "cn=administrator,dc=flock,dc=town" -w "$LDAP_ADMIN_PASSWORD" "$dn"
done' < delete_all_dns.txt

Verify That Everything Is Deleted

After running the delete command, verify that dc=flock,dc=town is empty:

docker exec -it ldap sh -c 'ldapsearch -x -D "cn=administrator,dc=flock,dc=town" -w "$LDAP_ADMIN_PASSWORD" -b "dc=flock,dc=town"'
  • If no results are returned, the domain has been deleted successfully.
  • If results still exist, some entries were not removed.

Create new_database.ldif

docker exec -i ldap ldapadd -Y EXTERNAL -H ldapi:/// -f /dev/stdin < new_database.ldif

4. Add the New Entry

Now, upload the modified all_entries.ldif:

cat all_entries.ldif | docker exec -i ldap sh -c 'ldapadd -x -D "cn=admin,dc=cymais,dc=cloud" -w "$LDAP_ADMIN_PASSWORD"'

5. Update Root DN Configuration

If cn=administrator is used as rootdn, update the OpenLDAP configuration file (slapd.conf or olcDatabase={1}mdb.ldif under cn=config).

Find:

olcRootDN: cn=administrator,dc=flock,dc=town

Replace with:

olcRootDN: cn=administrator,dc=cymais,dc=cloud

Save the change and apply it:

docker exec -it ldap ldapmodify -Y EXTERNAL -H ldapi:/// -f config_update.ldif

6. Restart OpenLDAP

Restart the OpenLDAP container if necessary:

docker restart ldap

Now, cn=administrator,dc=cymais,dc=cloud should be active as the new administrator account.