
Changing the rootdn Password in OpenLDAP

Steps for changing the rootdn in both dynamic and static OpenLDAP configurations

Written by Ryan Conover

Updated at March 21st, 2025


Table of Contents

  • Dynamic Configuration (slapd.d)
  • Static Configuration (slapd.conf)

In practice, the rootDN should be used sparingly, for example during initial configuration. It is slapd's own master account and bypasses many features, including ACLs. Define administrative accounts in the DIT, grant them the privileges they need, and use those instead. Note also that user passwords should not be changed as the rootDN; use the ldappasswd command instead.

Dynamic Configuration (slapd.d)

To reset the rootdn password use the following steps:

1)  Create a backup of the configuration:

/opt/symas/sbin/slapcat -n 0 -F /opt/symas/etc/openldap/slapd.d -l /tmp/config.ldif

2)  Modify the password in the configuration (use a hashed value generated with slappasswd(8) rather than cleartext, as the slapd.conf comment below also advises):

vi /tmp/config.ldif
...
olcSuffix: dc=example,dc=com
olcRootDN: cn=manager,dc=example,dc=com
olcRootPW: <update password>
...

3)  Stop the slapd service

systemctl stop slapd

4)  Remove the content of the slapd.d directory

rm -rf /opt/symas/etc/openldap/slapd.d/*

5)  Restore the configuration database

/opt/symas/sbin/slapadd -n 0 -F /opt/symas/etc/openldap/slapd.d -l /tmp/config.ldif

6)  slapadd creates the new files as the user running it (normally root). If a specific user and/or group runs the slapd process, change the ownership of the slapd.d directory back to that account (this step may be optional):

chown -R ldap:ldap /opt/symas/etc/openldap/slapd.d/

7)  Restart the slapd service

systemctl start slapd

You may need to modify the paths of the examples provided to accommodate your environment.

Static Configuration (slapd.conf)

In a static configuration the rootdn password is stored in the slapd.conf file, which by default is located in /opt/symas/etc/openldap. This password is not in the DIT and cannot be changed with the ldappasswd command.

1)  Create a backup of your slapd.conf:

cp /opt/symas/etc/openldap/slapd.conf slapd.conf.bk

2)  Modify the password in the slapd.conf:

vi /opt/symas/etc/openldap/slapd.conf

3)  Look for where the rootDN password is specified. It will look like this in the config (using example configuration from exampleDB.sh):

#######################################################################
# Example mdb database definitions
#######################################################################
database    mdb
suffix      "dc=example,dc=com"
rootdn      "dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details describing
# the creation of encrypted passwords.
rootpw      secret

4)  Change the value of rootpw in the editor (vi/vim in this case), then save and exit (:wq! in vi/vim).
5)  Restart the slapd process:

systemctl restart slapd
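Both procedures come down to replacing one password line, and in both the value should be a hash rather than cleartext, as the slapd.conf comment above says. The following is an added example, not Symas's code: it builds an OpenLDAP-style {SSHA} value (base64 of SHA-1(password || salt) followed by the salt, the same format slappasswd -h {SSHA} produces), rewrites the olcRootPW line in a slapcat -n 0 dump (handling both the plain and the base64 "::" form, plus LDIF continuation lines) and the rootpw line in slapd.conf, and flags a cleartext rootpw. The LDIF and slapd.conf fragments are constructed samples modelled on steps 2 and 3 above; the suffix, rootdn and database directory are placeholders.

```python
import base64
import hashlib
import hmac
import os
import re
from typing import Optional

# Constructed sample: a trimmed slapcat -n 0 dump like the one edited in step 2.
# slapcat often emits olcRootPW in the base64 "::" form, so the sample uses it.
_OLD_VALUE = base64.b64encode(b"{SSHA}constructed-old-value").decode("ascii")
SAMPLE_CONFIG_LDIF = (
    "dn: olcDatabase={1}mdb,cn=config\n"
    "objectClass: olcDatabaseConfig\n"
    "objectClass: olcMdbConfig\n"
    "olcDatabase: {1}mdb\n"
    "olcSuffix: dc=example,dc=com\n"
    "olcRootDN: cn=manager,dc=example,dc=com\n"
    "olcRootPW:: " + _OLD_VALUE + "\n"
    "olcDbDirectory: /var/symas/openldap-data\n"   # placeholder path
)

# Constructed sample: the slapd.conf fragment shown in step 3 (cleartext rootpw).
SAMPLE_SLAPD_CONF = (
    "database    mdb\n"
    'suffix      "dc=example,dc=com"\n'
    'rootdn      "dc=example,dc=com"\n'
    "rootpw      secret\n"
)


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return an OpenLDAP {SSHA} value: base64(sha1(password || salt) || salt)."""
    if salt is None:
        salt = os.urandom(8)          # slappasswd uses a random salt as well
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a candidate password against a stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]     # SHA-1 digest is 20 bytes, salt follows
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def is_hashed(value: str) -> bool:
    """True if the stored value uses a {SCHEME} prefix; a bare value is cleartext."""
    return value.startswith("{") and "}" in value


# olcRootPW line in plain ("olcRootPW: ") or base64 ("olcRootPW:: ") form,
# together with any LDIF continuation lines (lines starting with a space).
_OLC_ROOTPW = re.compile(r"^olcRootPW::? .*(?:\n .*)*$", re.MULTILINE)
# rootpw directive in slapd.conf (commented-out lines do not match).
_ROOTPW = re.compile(r"^rootpw\s+.*$", re.MULTILINE)


def set_olc_rootpw(ldif_text: str, hashed: str) -> str:
    """Replace the single olcRootPW line in a slapcat -n 0 dump with a new hash."""
    new_text, count = _OLC_ROOTPW.subn(lambda _m: "olcRootPW: " + hashed, ldif_text)
    if count != 1:
        raise ValueError(f"expected exactly one olcRootPW line, found {count}")
    return new_text


def set_rootpw(conf_text: str, hashed: str) -> str:
    """Replace the rootpw directive in slapd.conf with a new hash."""
    new_text, count = _ROOTPW.subn(lambda _m: "rootpw      " + hashed, conf_text)
    if count != 1:
        raise ValueError(f"expected exactly one rootpw directive, found {count}")
    return new_text


def cleartext_rootpw(conf_text: str) -> bool:
    """Defender check: does slapd.conf still carry a cleartext rootpw?"""
    match = _ROOTPW.search(conf_text)
    return match is not None and not is_hashed(match.group(0).split(None, 1)[1])


if __name__ == "__main__":
    new_hash = ssha_hash("new-secret")
    print(set_olc_rootpw(SAMPLE_CONFIG_LDIF, new_hash))
    print("cleartext before:", cleartext_rootpw(SAMPLE_SLAPD_CONF))
    fixed = set_rootpw(SAMPLE_SLAPD_CONF, new_hash)
    print(fixed)
    print("cleartext after:", cleartext_rootpw(fixed))
```

To apply this to a real system, write the returned text back to /tmp/config.ldif before step 3 (dynamic) or to slapd.conf in step 4 (static); the rest of the procedure is unchanged.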


Copyright © 2020-2024 Symas Corporation. All rights reserved.