After publishing my last article around the topic of Automating SSO Admin configurations using some simple LDAP commands which is applicable for both vSphere 5.5 and 6.0. It was pointed out to me by my buddy G. Blair Fritz who works over in our GSS Organization that another handy operation to share with customers is the ability to easily and quickly change an SSO Administrator password across multiple Platform Services Controllers (PSC). This is especially important for customers who have a password rotation policy set fourth by their Security team which most Enterprise customers have and are require to update their admin passwords every N-number of days.
Though you will not be able to query for an existing SSO Administrator's password (it is encrypted), you can however modify the password and this will require you to provide a valid SSO Administrator's account to connect with. To modify an LDAP entry, we will need to first create a file that contains the change, in the example here we are going to name it change.ldif and it should contain the following where the "replace" keyword shows which property is getting modified and the next line after shows the value that it will be changed to. Make sure to also replace the dc=vghetto with the name of your SSO Site Name
dn: cn=administrator,cn=users,dc=vghetto,dc=local
changetype: modify
replace: userpassword
userpassword: VMware1!
To apply the change, we will now run the following ldapmodify command and specifying our change.ldif configuration file:
/opt/likewise/bin/ldapmodify -f change.ldif -h 192.168.1.60 -D "cn=administrator,cn=users,dc=vghetto,dc=local" -w 'VMware1!!'
The really nice thing about this is that you can quickly change the password for your SSO Administrators across multiple Platform Services Controller and across multiple SSO Domains with a couple slight modifications to the command. How cool is that!? Thanks to Blair for sharing this awesome tidbit!
- vCenter Server 6.0 Tidbits Part 1: What install & deployment parameters did I use?
- vCenter Server 6.0 Tidbits Part 2: What is my SSO Domain Name & Site Name?
- vCenter Server 6.0 Tidbits Part 3: Finding all deployed Platform Services Controller
- vCenter Server 6.0 Tidbits Part 4: Finding all deployed vCenter Servers
- vCenter Server 6.0 Tidbits Part 5: New method of patching the VCSA
- vCenter Server 6.0 Tidbits Part 6: Customizing VCSA’s DCUI
- vCenter Server 6.0 Tidbits Part 7: Connecting to SSO/PSC using JExplorer
- vCenter Server 6.0 Tidbits Part 8: Useful ldapsearch queries for vmdird
- vCenter Server 6.0 Tidbits Part 9: Creating & managing SSO users using dir-cli
- vCenter Server 6.0 Tidbits Part 10: Automating SSO Admin configurations
- vCenter Server 6.0 Tidbits Part 11: Automate SSO Admin password change
- vCenter Server 6.0 Tidbits Part 12: New methods of downloading Support Bundles for VCSA / PSC
In2PcFix says
it really helps me to increwase my knowledge