authentication failed using ldapsearch

oscarjiao · 04-19-2016, 01:58 PM

I created a local ldap server with Apache Directory Studio. A user entry is created with the uid "djiao1" and password "123456" (SHA hashed password).

I was able to search the user with the following ldapsearch command:

Code:

ldapsearch -H ldap://localhost:10389 -x uid=djiao1
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: uid=djiao1
# requesting: ALL
#

# djiao, Users, example.com
dn: cn=djiao,ou=Users,dc=example,dc=com
sn: jiao
cn: djiao
objectClass: top
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
userPassword:: e3NoYX1mRXFOQ2NvM1lxOWg1WlVnbEQzQ1pKVDRsQnM9
uid: djiao1

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

However if I run with -W to prompt password and type in "123456" I get "invalid credentials" error:

Quote:

ldapsearch -H ldap://localhost:10389 -W -x uid=djiao1
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
additional info: INVALID_CREDENTIALS: Bind failed: Invalid authentication

I tried the very long string shown as the userPassword "e3NoYX1mRXFOQ2NvM1lxOWg1WlVnbEQzQ1pKVDRsQnM9" and still got the same error.

Why doesn't the password work?

bathory · 04-19-2016, 03:24 PM

Quote:

However if I run with -W to prompt password and type in "123456" I get "invalid credentials" error:

Quote:
ldapsearch -H ldap://localhost:10389 -W -x uid=djiao1
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
additional info: INVALID_CREDENTIALS: Bind failed: Invalid authentication

You need to supply also the bindDN using the -D option, e.g:

Code:

ldapsearch -H ldap://localhost:10389 -D cn=djiao,ou=Users,dc=example,dc=com -W -x uid=djiao1