Change the password for vcoadmin on vCO Appliance

UPDATE 14. Mar. 2012: Christophe from @vcoteam posted a great article about how to “Pimp Your vCenter Orchestrator Appliance”, including a ready-to-run workflow package for all that stuff below (and much more useful info!). No need to get your keyboard dirty with the console.
http://www.vcoteam.info/learn-vco/pimp-my-vcenter-orchestrator-virtual-appliance.html

Original Post:

You all know VMware vCenter Orchestrator Appliance as the quickest way to get started with vCO.

You all have learned (maybe the hard way) that the vCO Appliance uses 4 (in words: FOUR) different credentials…

The vCO Appliance user credentials

  • One for the root user of the appliance itself: this is used when you select the “Login” button on the console of the appliance (or via SSH, if you enabled SSH login for root (google for “ssh PermitRootLogin”)) and for the web-based “Appliance Configuration” (on port 5480). Change it with the passwd command on the console.
  • One for the “Orchestrator Configuration” webpage (port 8283). It can be changed using the “Change Password” tab in the General section of the configurator (username is always vmware).

  • And finally, the (LDAP-based) users used to log in with the vCO Smart Client or the weboperator (port 8281). Default: vcoadmin with password vcoadmin and vcouser with password vcouser. This article shows how to change their credentials…

Typically the default webpage asks you for new passwords for the appliance’s root user and the vmware user of the configuration when you click on the links for the first time.

Change the default passwords for vcoadmin and vcouser:

For the vcoadmin & vcouser it’s not that easy: Because they are users defined in the local OpenLDAP-installation of the appliance, you have to use some ldap tools for this…

1. Login to the appliance on the console (or via SSH if PermitRootLogin is enabled)

2. Type the following command:

ldappasswd -D "cn=vcoadmin,ou=vco,dc=appliance" -W -S

3. Type in the NEW Password for the vcoadmin-user (twice), and the OLD one once (when being asked for LDAP password)

(optionally: repeat the steps for "cn=vcouser,ou=vco,dc=appliance")

4. Because you changed the password of the vcoadmin, you have to reconfigure all settings which are using this password:

  • The password to browse the LDAP directory (in LDAP)
  • The password for user vcoadmin which is used to install plugins (in PLUGINS)

5. RESTART THE vCO SERVICE!
(It took me a complete cup of coffee to troubleshoot that I forgot that step)

6. Voila: Test the new passwords in LDAP / “Test Login”-Tab and just by logging in with the vCO Client.
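To confirm from the console that the default logins are really gone after steps 1 to 5, here is an added example (not part of the original post or of the appliance's tooling). It assumes the OpenLDAP client tool ldapwhoami is installed, that the directory answers on ldap://localhost:389, and that a simple bind (-x) is allowed; the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that the vCO appliance's
# LDAP accounts no longer accept the default passwords named in the article.

LDAP_URI="${LDAP_URI:-ldap://localhost:389}"  # assumption: OpenLDAP listens locally
BASE_DN="ou=vco,dc=appliance"                 # taken from the DNs in the article

# Build the bind DN for an appliance user, e.g. cn=vcoadmin,ou=vco,dc=appliance
user_dn() {
    printf 'cn=%s,%s' "$1" "$BASE_DN"
}

# Try a simple bind and print accepted | rejected | unknown.
# Assumes ldapwhoami exits with the LDAP result code: 0 = success,
# 49 = invalidCredentials. Anything else (server down, tool missing) is
# reported as unknown so that an outage is not mistaken for a pass.
bind_status() {
    bs_rc=0
    # -w on the command line is acceptable here only because the values
    # tested are the publicly documented defaults, not real secrets.
    ldapwhoami -x -H "$LDAP_URI" -D "$(user_dn "$1")" -w "$2" \
        >/dev/null 2>&1 || bs_rc=$?
    case "$bs_rc" in
        0)  echo accepted ;;
        49) echo rejected ;;
        *)  echo unknown ;;
    esac
}

# Check both default accounts (username == password by default).
# Returns the number of accounts that still accept their default password.
audit_defaults() {
    ad_bad=0
    for ad_user in vcoadmin vcouser; do
        case "$(bind_status "$ad_user" "$ad_user")" in
            accepted) echo "FAIL $ad_user still uses its default password"
                      ad_bad=$((ad_bad + 1)) ;;
            rejected) echo "OK   $ad_user rejects its default password" ;;
            *)        echo "WARN $ad_user could not be checked (LDAP unreachable?)" ;;
        esac
    done
    return "$ad_bad"
}
```

Source the file in a root shell on the appliance and run audit_defaults; a non-zero return value means at least one account still has its default password.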
