LinuxQuestions.org
Old 12-14-2005, 06:35 PM   #1
pdrobe
LQ Newbie
 
Registered: Feb 2005
Posts: 4

Rep: Reputation: 0
ldap_bind: Invalid credentials (49)


----- I have Debian Sarge and openLDAP
------ When I try to insert new entries:

#ldapadd -x -D "cn=Admin,o=litho,c=com" -W -f example.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

-------I think I have one error here:

#ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope base
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

------- because dn: is empty

----1) my slapd.conf




include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
schemacheck on
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd.args
loglevel 0

modulepath /usr/lib/ldap/
moduleload back_ldbm.so





backend ldbm


database ldbm
suffix "o=litho, c=com"
directory /var/lib/ldap
rootdn "cn=Admin,o=litho, c=com"
rootpw secret
index cn,sn,uid
index objectclass pres,eq
index default none

defaultaccess read
access to attr=userpassword
by self write
by dn="cn=Admin,o=litho, c=com" write
by * compare


-----my example.ldif


o=litho, c=com
objectClass=organization

o=litho
description=litho

cn=Manager, o=litho, c=com
objectClass=organizationalRole
cn=Manager
description= manager




thanks anyone..................
 
Old 12-14-2005, 07:52 PM   #2
Gato Azul
Member
 
Registered: Sep 2003
Location: /dev/null
Distribution: CentOS, Ubuntu
Posts: 128

Rep: Reputation: 16

A typical ldif might look like this:
Code:
# Root Organization
dn: dc=example,dc=com
dc: example
objectClass: dcObject
objectClass: organization
o: Example Inc

# Barbara's Entry
dn: cn=Barbara J Jensen, dc=example, dc=com
cn: Barbara J Jensen
objectClass: person
gn: Barbara
sn: Jensen
I can't say I've ever used the o=example,c=com format, but assuming it works the same way as using dc=, then you're missing the dn: prefix on the line for o=litho,c=com as well as on the cn=Manager, o=litho, c=com line. You should also change a lot of those equal signs to colons. So fixing it up, I would guess that your ldif should look more like this:
Code:
dn: o=litho, c=com
objectClass: organization
o: litho
description: litho

dn: cn=Manager, o=litho, c=com
objectClass: organizationalRole
cn: Manager
description: manager
and maybe you might want to add objectClass=dcObject to the first entry too? If I were doing it, I'd write it as such:
Code:
dn: dc=litho,dc=com
dc: litho
objectClass: dcObject
objectClass: organization
o: litho
description: litho

dn: cn=Manager, dc=litho, dc=com
objectClass: organizationalRole
cn: Manager
description: manager
Disclaimer: I'm fairly new myself to LDAP, so there might be some mistakes in there, but hopefully that should get you on the right track. A good site on the LDIF format can be found here at the Linux Documentation Project, and another good one here.

Hope that helps!

Last edited by Gato Azul; 12-14-2005 at 07:54 PM.
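
The LDIF mistakes pointed out in the post above (entries that do not begin with a dn: line, and '=' used where ':' belongs), checked mechanically. This is an added example, not part of the thread; `lint_ldif` is a hypothetical helper and it only covers plain content records.

```python
import re

# Constructed sample: the example.ldif from the first post, copied as posted.
BROKEN_LDIF = """\
o=litho, c=com
objectClass=organization

o=litho
description=litho

cn=Manager, o=litho, c=com
objectClass=organizationalRole
cn=Manager
description= manager
"""

# "attr: value", "attr:: base64" or "attr:< url"; the name must be followed by ':'
ATTR_LINE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9;.-]*:")

def lint_ldif(text):
    """Hypothetical helper: return (line_number, message) pairs for the mistakes above."""
    problems = []
    at_entry_start = True
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            at_entry_start = True            # a blank line ends the current entry
            continue
        if line.startswith(("#", " ")):
            continue                         # comment or folded continuation line
        if num == 1 and line.lower().startswith("version:"):
            continue                         # optional LDIF version header
        if at_entry_start and not line.lower().startswith("dn:"):
            problems.append((num, "entry does not start with 'dn:'"))
        at_entry_start = False
        if not ATTR_LINE.match(line):
            hint = "uses '=' where ':' is required" if "=" in line else "not 'attribute: value'"
            problems.append((num, hint))
    return problems

if __name__ == "__main__":
    for num, message in lint_ldif(BROKEN_LDIF):
        print(f"line {num}: {message}")
```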
 
Old 12-15-2005, 08:50 AM   #3
pdrobe
LQ Newbie
 
Registered: Feb 2005
Posts: 4

Original Poster
Rep: Reputation: 0
Thanks, but I did that and obtained the same error:

ldap_bind: Invalid credentials (49)

help me anyone................
 
Old 12-15-2005, 11:15 AM   #4
Gato Azul
Member
 
Registered: Sep 2003
Location: /dev/null
Distribution: CentOS, Ubuntu
Posts: 128

Rep: Reputation: 16

Quote:
Originally Posted by pdrobe
Thanks, but I did that and obtained the same error:

ldap_bind: Invalid credentials (49)

help me anyone................
Oh...sorry! I missed that part in your original post. If you're getting an Invalid credentials (49) error, then it's not a problem with your ldif file. It means either your administrative account isn't set up properly or your password isn't being accepted.

I noticed in your slapd.conf that you had this line:
Code:
rootpw secret
Most tutorials that I've seen show that, but don't explain that you need to change the secret part to an actual password, usually encrypted with the slappasswd command. So, I'm guessing that that might be your problem.

Here is the man page for slappasswd. An example usage would be:
Code:
slappasswd -h {CRYPT} -c '$2a$05$%.24s'
This will output a blowfish encrypted password, which you can then copy and paste into your slapd.conf file, replacing the word secret in the rootpw line.

Just as a general LDAP help for everyone, here are a couple good sites on LDAP error codes and what they mean:
http://web500gw.sourceforge.net/errors.html
http://www.directory-info.com/LDAP/LDAPErrorCodes.html

Also, a nice graphical interface to LDAP that I personally use and like is LDAP Browser. You can import ldifs, export a whole directory or portions of it to an ldif, modify entries, etc. It's written in Java, so it's portable, but sadly it appears to be unmaintained.

Anyway, I hope that helps! I know LDAP can be pretty frustrating at times since it's certainly not the most user-friendly piece of software out there, but...it gets better eventually, so keep up the good effort and it'll pay off!
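
The `rootpw secret` point from the post above, as an added example that is not part of the thread and is not OpenLDAP code: it reads the suffix/rootdn/rootpw lines from the first post, flags a cleartext rootpw, compares the bind DN with rootdn, and builds an `{SSHA}` value (slappasswd's default scheme, used here instead of the `{CRYPT}` form in the post). All function names are hypothetical and the DN normalisation is a simplification.

```python
import base64, hashlib, hmac, os, re

# Constructed sample: the relevant slapd.conf lines from the first post.
SLAPD_CONF = '''\
suffix "o=litho, c=com"
rootdn "cn=Admin,o=litho, c=com"
rootpw secret
'''

def make_ssha(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password, stored):
    """Verify a password against an {SSHA} value in constant time."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]        # SHA-1 digest is 20 bytes, rest is salt
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def norm_dn(dn):
    """Rough DN normalisation (assumption): lower-case, no spaces around ',' or '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def audit(conf, bind_dn):
    """Hypothetical helper: checks on the rootdn/rootpw lines when debugging a rootdn bind."""
    d = dict(re.findall(r'^(suffix|rootdn|rootpw)\s+"?(.*?)"?\s*$', conf, re.M))
    findings = []
    if not re.match(r"\{[A-Za-z0-9-]+\}", d.get("rootpw", "")):
        findings.append("rootpw is stored in cleartext")      # no {SCHEME} prefix
    if norm_dn(bind_dn) != norm_dn(d.get("rootdn", "")):
        findings.append("bind DN does not match rootdn")
    if not norm_dn(d.get("rootdn", "")).endswith(norm_dn(d.get("suffix", ""))):
        findings.append("rootdn is not under suffix")         # rootpw needs rootdn inside suffix
    return findings

if __name__ == "__main__":
    print(audit(SLAPD_CONF, "cn=Admin,o=litho,c=com"))
    print("rootpw", make_ssha("a-long-passphrase"))           # constructed password
```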
 
Old 12-15-2005, 12:21 PM   #5
pdrobe
LQ Newbie
 
Registered: Feb 2005
Posts: 4

Original Poster
Rep: Reputation: 0
I tried that but the error is the same.
I think the error is because the dn is invalid.
 
Old 12-16-2005, 06:49 AM   #6
collen
Member
 
Registered: Jun 2003
Location: /
Distribution: Fedora/Debian
Posts: 86

Rep: Reputation: 15
Got a similar problem here, ldap_bind: Invalid credentials (49)
tried different database backends,

ldbm gives back this error:
ber_get_next on fd 11 failed errno=11 (Resource temporarlily unavailable)

dbd gives back this error:
<= dbd_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found

both with the invalid credentials ..
tried {CRYPT}, {SSH} and {PLAINTEXT} as passwordhash and rootpw.. no difference..

dunno what to do next...

Larz Collen
 
Old 12-16-2005, 07:08 AM   #7
fouldsy
Senior Member
 
Registered: Jan 2002
Location: St Louis, MO
Distribution: Ubuntu
Posts: 1,284

Rep: Reputation: 47
Try sticking "-d 255" on whilst doing an ldap search as this will display a load of debug stuff and report back on the problem in more detail. Authentication issues could be a number of things. Also, within /etc/hosts, make sure an entry exists for the server detailing its FQDN. For example, you might have fatcontroller.homelinux.net, not just fatcontroller.homelinux.
 
1 members found this post helpful.
Old 12-16-2005, 07:58 AM   #8
collen
Member
 
Registered: Jun 2003
Location: /
Distribution: Fedora/Debian
Posts: 86

Rep: Reputation: 15

Quote:
Originally Posted by fouldsy
Try sticking "-d 255" on whilst doing an ldap search as this will display a load of debug stuff and report back on the problem in more detail. Authentication issues could be a number of things. Also, within /etc/hosts, make sure an entry exists for the server detailing its FQDN. For example, you might have fatcontroller.homelinux.net, not just fatcontroller.homelinux.
- linux debian sarge
- openldap 2.2.26

No worry, the FQDN is there (the server is also a DNS server).
All ldap things are issued locally, but the outcome is the same with the -h <FQDN>

debug level 255 gives a lot of info,
ldap search is not giving any errors back
ldapsearch -d 255 -h <FQDN> -x -b '' -s base '(objectclass=*)' namingContexts


ldapadd is however giving that:
ber_get_next on fd 11 failed errno=11 (Resource temporarlily unavailable)
<= dbd_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found


dunno, there are files in the DB dir (/var/lib/ldap) and slapd is run by root so??
 
Old 12-16-2005, 09:26 AM   #9
fouldsy
Senior Member
 
Registered: Jan 2002
Location: St Louis, MO
Distribution: Ubuntu
Posts: 1,284

Rep: Reputation: 47
collen - please open a new thread with your problem. My suggestions (although still the same with your issue as a starting point to see what is wrong) were for the initial poster.

It's going to get confusing with two different people + two different problems in the same thread
 
Old 12-16-2005, 09:43 AM   #10
collen
Member
 
Registered: Jun 2003
Location: /
Distribution: Fedora/Debian
Posts: 86

Rep: Reputation: 15

Quote:
Originally Posted by fouldsy
It's going to get confusing with two different people + two different problems in the same thread
hehe, hmm, thought we had the same problem, read the first post.
same error, same OS, same command is issued, same scheme.

same bug, only I posted some additional info regarding the debug info!

so what is the prob??
 
Old 12-16-2005, 12:29 PM   #11
fouldsy
Senior Member
 
Registered: Jan 2002
Location: St Louis, MO
Distribution: Ubuntu
Posts: 1,284

Rep: Reputation: 47
collen - It's not a bug, it's an incorrect configuration somewhere along the lines.

The problem is one person comes having tried something, needs another suggestion, an idea is offered, then the first comes back and posts afterwards, and you go round + round not knowing who's posting responses to what.

Try giving more info such as your ldap.conf + slapd.conf, whether you have enabled SSL connections, whether you're trying connecting on the same physical machine or a client, etc. I'd still urge to start a new thread with all this info being passed back + forth, but certainly keep an eye on this to see what solutions are suggested.

pdrobe - have you tried with extra debug statements to see if you have anything being reported as to where the failure is and check your hosts file? Although you're trying to add users first, you should at least have an empty schema setup which should report something with:
Code:
ldapsearch -D "cn=Manager,dc=genfic,dc=com" -W -d 255
obviously changing your dn settings.
 
Old 03-08-2010, 08:06 AM   #12
lakhera2010
LQ Newbie
 
Registered: Mar 2010
Posts: 20

Rep: Reputation: 1
I just found the solution to this issue; at least in my case it's working.
I just commented out the nameserver line in /etc/resolv.conf, as I am using

suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"


As it was trying to resolve example.com from an external source and not from my PC. After that I am able to add OU/users.

[root@localhost ldif]# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f root.ldif
Enter LDAP Password:
adding new entry "dc=example,dc=com"
 
Old 09-13-2012, 02:41 AM   #13
gopa
LQ Newbie
 
Registered: Aug 2011
Posts: 13

Rep: Reputation: Disabled
Invalid Credentials(49) for openLDAP

First we have to create the Organisation

Second, the Organisation Structure

Third, inetorgPerson
...........................................


We have to follow the above structure with proper spaces in all the structure.....

Ensure there are no spaces after every line while writing the organisation, Org Structure and inetorgperson.


Hope it helps.

Regards,
Gopal Varma P
 
  

