The default admin account is cn=admin,dc=example,dc=org.
The default password is admin - it can be changed with the LDAP_ADMIN_PASSWORD environment variable in ldap.env
The default readonly account is cn=readonly,dc=example,dc=org.
The default password is readonly - it can be changed with the LDAP_READONLY_USER_PASSWORD environment variable in ldap.env. This account is used by the Sync Endpoint to retrieve user information.
My question: now that I’ve done this by editing ldap.env (in the sync-endpoint-default-setup directory), and stopped the stack with
docker stack rm syncldap
and restarted it with
docker stack deploy -c docker-compose.yml syncldap,
I find that the credentials have not actually changed – I must still use the old default admin and readonly passwords for LDAP commands. Is there something else I need to do, like rebuild? and if so, is there any way to do that without overwriting the LDAP entries I’ve added and modified?
Those environment variables are only effective for the initial deployment.
The accounts are just LDAP accounts, you can change the password as you would any other LDAP account. The simplest method would be through the phpLDAPAdmin interface. It can also be done through the OpenLDAP CLI tools.
I did this using the ldap tools, and now I am getting a 500 error again. I suspect it is because although I changed the readonly account password in LDAP, the odk web-ui does not know the new password to be able to query ldap when someone tries to log in? How do I change THAT, if that’s the case?