Change Bootstrap administrator password
This procedure describes how to change the password for the Content Platform Engine system user (also known as the bootstrap administrator, or cpe_bootstrap_admin). The credentials for this account are entered during Content Platform Engine configuration. Configuration Manager places this user name and its password into the Content Platform Engine bootstrap file. When Content Platform Engine starts up, it uses the account and password to authenticate against the user registry defined in the application server.
About this task
Here are the characteristics of the cpe_bootstrap_admin account:
- It must reside in Content Platform Engine's configured LDAP directory server.
- Configuration Manager's Configure Bootstrap Properties task places it in the Content Platform Engine's bootstrap file. In this location cpe_bootstrap_admin is called the Content Platform Engine system user.
- During the initial P8 Domain creation and configuration, it is automatically added to the Administration Console for Content Platform Engine's domain security property sheet as the default GCD administration user (gcd_admin). After initial P8 domain configuration, it is a best practice to replace it with a different gcd_admin account.
- Many installations will also enter this account into Configuration Manager's Configure LDAP task as the Directory Service User account (sometimes known as the bind user, or cpe_service_user), the account that Content Platform Engine's application server uses to bind to the directory server. The Configure LDAP task places the account into the application server's authentication configuration location.
- This account is sometimes also used as the LDAP bind user during P8 Domain creation, by entering the account name and password in the Directory Server User Name field in the Directory Configuration property sheet.
Changing cpe_bootstrap_admin's password in the directory server means that you must at the same time change it in these locations. If you do not, the bootstrap file will not be able to authenticate to the LDAP and Content Platform Engine will not be able to start. You can also lock yourself out from Administration Console for Content Platform Engine. Follow this procedure carefully to avoid this scenario.
This procedure requires access to the Content Platform Engine location, to the application server console, and to the directory server. Because of the relative complexity of this procedure, unless there is an overriding reason to change the password of this important account, you can consider exempting the Content Platform Engine system user account from your password change policy if this still meets your security requirements.
Procedure
To change the Content Platform Engine system user password: