How to change Bootstrap admin password

This procedure describes how to change the password for the Content Engine system user (also known as the bootstrap admininstrator, or ce_bootstrap_admin). The credentials for this account are entered during Content Engine configuration. Configuration Manager places this user name and its password into the Content Engine bootstrap file and subsequently into the GCD. Here are the locations that this procedure will describe:

Changing ce_bootstrap_admin's password in the directory server means that you must at the same time change it in these several locations. If you do not, the bootstrap file will not be able to authenticate to the LDAP and Content Engine will not be able to start. You can also lock yourself out from Enterprise Manager. Therefore, follow this procedure carefully to avoid this scenario.

NOTE   This procedure requires access to the Content Engine location, to the application server console, and to the directory server.

NOTE   Because of the relative complexity of this procedure, unless there is an overriding reason to change the password of this important account, you should consider exempting the Content Engine System User account from your password change policy.

NOTE   Some steps below will be different for installations using JBoss, as JBoss does not have an administrative console or the need to log in as an administrator.

To change the Content Engine system user password

  1. Backup of the Engine-##.ear file, where ws denotes WebSphere,wl denote WebLogic, and jb denotes JBoss. You can then revert to last good known ear file, in case changing the password fails.
  2. On the server containing Content Engine, open a command window and navigate to the installation location.
    1. Use the BootstrapConfig utility, described above, to list the current Username and EncryptedPassword entry on an Engine-##.ear file, as in the following WebLogic example:

      java -jar BootstrapConfig.jar -e Engine-wl.ear -l

    2. Do not change anything yet. Leave this command window open while doing the remaining steps.
  3. Log in to Enterprise Manager as GCD administrator.
    1. In Enterprise Manager, right-click the Root Folder, and then click Properties
    2. Click the Directory Configuration tab.
    3. Select the row that represents the configuration parameters pointing to the LDAP location that the Content Engine system user belongs to, and click Edit.
    4. When the Modify Directory Configuration dialog box opens, view the value for the Directory Service User.

      NOTE   If this account is the same as the Content Engine system user identified in step 1, do all the steps that follow. If it is different, then use just this step by itself to change its password if and only if it is being changed on the LDAP.
    5. Do not change anything yet. Leave the dialog box open while doing the remaining steps.
  4. (WebLogic and WebSphere) Log in to your application server console.
    1. Stop the application server.
    2. Navigate to the authentication provider panel containing the ID and password for the directory service user account.
      • WebLogic: this will be the value of the Principal field in the Authentication Provider for the WebLogic domain containing Content Engine.
      • WebSphere: this will be the bind user account in the Profile containing Content Engine.
      • JBoss: the directory service user account is contained in the login-config.xml file.
    3. Do not change anything yet. Leave the console open while doing the remaining steps.
  5. Log in to your directory server.
    1. Navigate to the location containing the account for the Content Engine system user.
    2. Change its password.
    3. Save and apply.
  6. Return to your application server console .
    1. Change the password of the directory service user account (also known as the bind account) to the new password .
    2. Save and apply.
    3. Do not restart the application server until instructed to do so below.
  7. Return to Enterprise Manager dialog box .
    1. Change the directory service user's password to the new password.
    2. Click Apply and OK to close the dialog box.
  8. Return to the command window containing the BootstrapConfig utility.
    1. Issue a command similar to the following, which uses Websphere as an example:

      java -jar BootstrapConfig.jar -e Engine-ws.ear [-p password]
    2. Close the command window.
  9. Restart the application server.
  10. Verify the change by logging on to Enterprise Manager as a GCD administrator and performing a user and group look up. See Modify an object's security for one way to do this.