kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-03-31 14:24:16 +02:00
Code Issues Packages Projects Releases Wiki Activity
computer-playbook/roles/docker-ldap/Change_DN.md

156 lines
4.4 KiB
Markdown
Raw Blame History

Here is the full content in English with all instructions, formatted as a markdown (`CHANGE_DN.md`) file:
```md
# Change Distinguished Name (DN) in OpenLDAP Docker
This document provides a step-by-step guide on how to rename the Distinguished Name (DN) from `cn=administrator,dc=flock,dc=town` to `cn=administrator,dc=cymais,dc=cloud` in an **OpenLDAP Docker** environment.
**Reference:** [Conversation Link](https://chatgpt.com/share/67d9a2f7-4e04-800f-9a0f-1673194f276c)
---
## 1. Export the Current Entry
Connect to the OpenLDAP container and export the current entry:
```sh
docker exec -it openldap sh -c 'ldapsearch -x -D "$LDAP_ADMIN_DN" -w "$LDAP_ADMIN_PASSWORD" -b "$LDAP_ROOT"' > all_entries.ldif
```
If your ***LDAP_ADMIN_DN*** and ***LDAP_ROOT*** are not accured pass them via ``--env``.
---
## 2. Modify the LDIF File
Open `all_entries.ldif` and update the DN (`dn:` line) and `dc` attributes.
- Open the file in an editor (`nano`, `vim`, `sed`).
- Replace **all occurrences** of `dc=flock,dc=town` with `dc=cymais,dc=cloud`.
**Using `sed` to modify automatically:**
```sh
sed -i 's/dc=flock,dc=town/dc=cymais,dc=cloud/g' all_entries.ldif
```
**Before:**
```ldif
dn: cn=administrator,dc=flock,dc=town
cn: administrator
objectClass: organizationalRole
objectClass: simpleSecurityObject
userPassword: {SSHA}...
```
**After:**
```ldif
dn: cn=administrator,dc=cymais,dc=cloud
cn: administrator
objectClass: organizationalRole
objectClass: simpleSecurityObject
userPassword: {SSHA}...
```
---
## 3. Delete the Old Entry
### Generate a Recursive Delete LDIF
We need an **LDIF file that deletes all objects** under `dc=flock,dc=town`.
Instead of manually writing an LDIF file, you can use `ldapsearch` and `awk` to generate it dynamically:
```sh
docker exec -it openldap sh -c 'ldapsearch -x -D "cn=administrator,dc=flock,dc=town" -w "$LDAP_ADMIN_PASSWORD" -b "dc=flock,dc=town" dn' | awk "/^dn:/ {print \$2}" | tac > delete_all_dns.txt
```
This creates an **ordered delete list**, starting with child objects before deleting `dc=flock,dc=town`.
---
#### Apply the Recursive Delete
Now apply the generated `delete_all.ldif` to delete all entries **recursively**:
```sh
docker exec -i openldap sh -c '
while read dn; do
ldapdelete -x -D "cn=administrator,dc=flock,dc=town" -w "$LDAP_ADMIN_PASSWORD" "$dn"
done' < delete_all_dns.txt
```
---
#### Verify That Everything Is Deleted
After running the delete command, verify that `dc=flock,dc=town` is empty:
```sh
docker exec -it openldap sh -c 'ldapsearch -x -D "cn=administrator,dc=flock,dc=town" -w "$LDAP_ADMIN_PASSWORD" -b "dc=flock,dc=town"'
```
- ✅ If **no results** are returned, the domain has been deleted successfully.
- ❌ If results still exist, some entries were not removed.
---
#### Manually Create the Base DN (dc=cymais,dc=cloud)
Before importing the full LDIF file, you need to explicitly create the base DN (dc=cymais,dc=cloud) first.
#### Create base.ldif for dc=cymais,dc=cloud
Save this LDIF content into a file:
```sh
dn: dc=cymais,dc=cloud
objectClass: top
objectClass: domain
dc: cymais
```
#### Add the Base DN to LDAP
Run the following command to create the base DN before importing other entries:
```sh
cat base.ldif | docker exec -i openldap sh -c 'ldapadd -x -D "cn=admin,dc=cymais,dc=cloud" -w "$LDAP_ADMIN_PASSWORD"'
```
docker exec -i openldap ldapadd -Y EXTERNAL -H ldapi:/// -f /dev/stdin < new_database.ldif
## 4. Add the New Entry
Now, upload the modified `all_entries.ldif`:
```sh
cat all_entries.ldif | docker exec -i openldap sh -c 'ldapadd -x -D "cn=admin,dc=cymais,dc=cloud" -w "$LDAP_ADMIN_PASSWORD"'
```
---
## 5. Update Root DN Configuration
If `cn=administrator` is used as `rootdn`, update the OpenLDAP configuration file (`slapd.conf` or `olcDatabase={1}mdb.ldif` under `cn=config`).
Find:
```ldif
olcRootDN: cn=administrator,dc=flock,dc=town
```
Replace with:
```ldif
olcRootDN: cn=administrator,dc=cymais,dc=cloud
```
Save the change and apply it:
```sh
docker exec -it openldap ldapmodify -Y EXTERNAL -H ldapi:/// -f config_update.ldif
```
---
## 6. Restart OpenLDAP
Restart the OpenLDAP container if necessary:
```sh
docker restart openldap
```
Now, `cn=administrator,dc=cymais,dc=cloud` should be active as the new administrator account.
```
This file contains the complete set of instructions in English, properly formatted, and ready to be used in OpenLDAP Docker. Let me know if you need any adjustments! 🚀
Reference in New Issue View Git Blame Copy Permalink