Ideally it is recommended to configure the user account : tdsadmin, to have the attribute "Password Never Expires" set.
If the password of the account tdsadmin has been expired, the below procedure need to be followed :
1) You may point the RFP to any other RDS server using the admin id, till the time the actual RDS is online. This is optional step to reduce the downtime of RFP. If you are ok with downtime of RFP, then this step is not required.
2) Make note of the new password of the tdsadmin account, in the cleartext format.
3) Take backup of the file : /var/IBM/Rational/RDS_5.2/Instance/idsslapd-tdsadmin/etc/ibmslapd.conf
[root@hostname bin]# find /var/IBM/Rational/RDS_5.2 -name *.conf
/var/IBM/Rational/RDS_5.2/Instance/idsslapd-tdsadmin/etc/ibmslapd.conf
/var/IBM/Rational/RDS_5.2/Instance/idsslapd-tdsadmin/etc/tdsdelref.conf
/var/IBM/Rational/RDS_5.2/Instance/idsslapd-tdsadmin/etc/perftune_input.conf
4) Stop the Rational Directory Server for RFP :
(a) cd /opt/ibm/ldap/V6.3/sbin
(b) ./ibmslapd -I tdsadmin -k
(c) ./idsdiradm -I tdsadmin -k
You may also execute the command :
/var/IBM/Rational/RDS_5.2/RDSUtility/stop_rds_server.sh
5) Go to "<instance_directory>\etc\ibmslapd.conf". In our case, /var/IBM/Rational/RDS_5.2/Instance/idsslapd-tdsadmin/etc/ibmslapd.conf. We need to edit this file, to make the below changes :
a) Under "dn: cn=Configuration" , set "ibm-slapdPwEncryption: none"
b) Under "dn: cn=TDSAdminGroupEntry, cn=AdminGroup, cn=Configuration" , set "ibm-slapdAdminPW: New_Password"
c) Under "dn: cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration" , set "ibm-slapdDbUserPW : New_Password"
6) under <RDS_Home>/ldap/V6.3/sbin, run the command idscfgdb.cmd -w <new_password> to set the password for TDS DB owner. For example :
-bash-3.2$
-bash-3.2$ cd /opt/ibm/ldap/V6.3/sbin
-bash-3.2$
-bash-3.2$
-bash-3.2$ ./idscfgdb -w xxxxxxxx
GLPWRP123I The program '/opt/ibm/ldap/V6.3/sbin/64/idscfgdb' is used with the following arguments '-w *****'.
You have chosen to perform the following actions:
GLPCDB022I The database administrator password will be reconfigured.
Do you want to....
(1) Continue with the above actions, or
(2) Exit without making any changes:1
GLPCDB028I Reconfiguring database password.
GLPCDB029I Reconfigured database password.
-bash-3.2$
7) Navigate to the RDS install directory and run the ./start_rds_server.sh command to start RDS server and then try to login to RDA using the new password.
/var/IBM/Rational/RDS_5.2/RDSUtility/start_rds_server.sh
or
You can switch to : cd /opt/ibm/ldap/V6.3/sbin
and run below commands :
./ibmslapd -I tdsadmin -n
./idsdiradm -I tdsadmin
8) Verify the login in the Rational Directory Server Administrator (RDA) in browser and Exit RDA.
Example RDA URL : http://hostname.ibm.com:8090/webrda/rda
9) Stop the Rational Directory Server using : /var/IBM/Rational/RDS_5.2/RDSUtility/stop_rds_server.sh
10) Open "/var/IBM/Rational/RDS_5.2/Instance/idsslapd-tdsadmin/etc/ibmslapd.conf" with vi editor.
11) Enable password encryption :
Under 'dn: cn=Configuration', set 'ibm-slapdPwEncryption: ssha'
12) Start the Rational Directory Server :
/var/IBM/Rational/RDS_5.2/RDSUtility/start_rds_server.sh
13) Verify the login in the Rational Directory Server Administrator :
http://hostname.ibm.com:8090/webrda/rda
14) Update the RFP configuration with this RDS information and verify the LDAP login.
DISCALIMER :
"The postings on this blog are my own opinions and don't necessarily represent IBM's positions, strategies or opinions."