LinuxQuestions.org

minakshi 10-08-2008 04:35 AM

ldap bind: invalid credential (49)
 
hello everyone

I am a new member. I am working on RHEL5 and have configured OpenLDAP 2.3.
Everything is configured and working properly, but I am facing an
error while adding an LDAP user.
The error is: ldap bind: invalid credential (49)
I had configured normal LDAP without TLS.

here is my slapd.conf file..

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema

allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw {SSHA}KanXW0bqz13BeIlbGLKuOdlAvcrVvxAh

directory /var/lib/ldap/example.com

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

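I am using a script to add the user.
The script is:

#!/bin/bash
# Usage: script <username>
# Select the passwd entry for exactly this user (anchored so "ldap" does not also match "ldap4")
grep "^$1:" /etc/passwd > /tmp/changeldappasswd.tmp
# Convert the passwd entry to LDIF with the OpenLDAP migration tools
/usr/share/openldap/migration/migrate_passwd.pl /tmp/changeldappasswd.tmp /tmp/changeldappasswd.ldif.tmp
# Replace the migration tools' default "padl" domain component with "example"
sed 's/padl/example/' /tmp/changeldappasswd.ldif.tmp > /tmp/changeldappasswd.ldif
# Add the entry, binding as the Manager DN (prompts for the password)
ldapadd -x -D "cn=Manager,ou=People,dc=example,dc=com" -W -f /tmp/changeldappasswd.ldif
#rm -f /tmp/changeldappasswd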


here is my ldif file
dn: uid=ldap4,ou=People,dc=example,dc=com
uid: ldap4
cn: ldap4
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!!
shadowLastChange: 14159
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 505
gidNumber: 100
homeDirectory: /home/ldap4

Note: I have tried various solutions from Google searches and some forums,
but they failed.
I think the problem is in this statement:
ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /tmp/changeldappasswd.ldif
When this command is executed, it asks for a password, and after entering
the password I get the error.

So please, if anyone can help... thanks

bathory 10-08-2008 05:00 AM

Quote:

rootdn "cn=Manager,dc=example,dc=com"
rootpw {SSHA}KanXW0bqz13BeIlbGLKuOdlAvcrVvxAh
How did you create rootpw?
You can use:
Code:

slappasswd -s <password>
to create a hashed password to use in slapd.conf.

minakshi 10-08-2008 06:55 AM

Yes, exactly, I created the hashed password using slappasswd.

bathory 10-08-2008 08:42 AM

Are you sure you correctly copied the output of slappasswd to the rootpw entry?
You can use plaintext, just for testing to see if ldapadd works:
Code:

rootpw secret

minakshi 10-10-2008 12:21 AM

I tried simple text as well as a hashed password (two or three times), but
everything failed. I configured everything again and again, but with no result.

For configuration, I had followed steps given on this link..
http://www.linuxhomenetworking.com/w...DAP_and_RADIUS

Is there any other problem with the steps, or any mistake in any dc statement?

bathory 10-10-2008 02:12 AM

Quote:

Is there any other problem, with steps or any mistake in any dc statement
Unless there is a typo that we both cannot see, I don't find anything wrong. All I can think of right now is that you make sure that all lines in slapd.conf are aligned left, since slapd does not like white spaces. Use vi to see if there are no strange characters in slapd.conf

minakshi 10-10-2008 04:22 AM

thanks a lot, I got success in adding ldap user

you are right, I removed all blank spaces, and blank lines.
and it is working...
Thanks....

joel_saul 08-18-2010 11:39 PM

Quote:

Originally Posted by minakshi (Post 3305952)
thanks a lot, I got success in adding ldap user

you are right, I removed all blank spaces, and blank lines.
and it is working...
Thanks....

Hi Sir, may I clarify the way you removed blank spaces from slapd.conf? I tried to remove spaces but I still get the same error as yours. I'm also following the same steps as you did from LHN.

thanks

ppostma1 01-18-2013 01:29 PM

one more possibility often overlooked
 
Make sure the section

`ldapadd -x -D "cn=Manager,ou=People,dc=example,dc=com"`

is properly entered, or the LDAP server will not be able to find the user's credentials to match.

ppostma1 01-18-2013 02:48 PM

explanation:
 
Quote:

Originally Posted by joel_saul (Post 4070858)
Hi Sir, may I clarify the way you removed blank spaces from slapd.conf? I tried to remove spaces but I still get the same error as yours. I'm also following the same steps as you did from LHN.

thanks

using '.' to indicate line start/end, the following lines:

.dn: cn:tammy,dc=exapmle,dc=com .
.objectClass: top.
.cn: Tammy.
. userPassword: {ssh}xxxxxxxxxx.

invalidate the dn and userPassword lines. The final dc is interpreted as "com " and the entry for the password is seen as " userPassword", both of which are not found.

each entry line must be "trim()"
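
A small check for the two causes raised in this thread (stray whitespace on slapd.conf or LDIF lines, and a bind DN that differs from rootdn), added here as an example and not code from any poster. It assumes the slapd.conf(5) rule that a line starting with whitespace continues the previous line; the function names, the sample config and the simplified DN comparison are constructed for illustration.

```python
import shlex

# Constructed sample (not from the thread): rootpw is indented, directory has a trailing space.
SAMPLE_CONF = (
    'suffix "dc=example,dc=com"\n'
    'rootdn "cn=Manager,dc=example,dc=com"\n'
    ' rootpw secret\n'
    'directory /var/lib/ldap/example.com \n'
)

def lint_whitespace(text):
    """Return (line_no, 'leading'|'trailing') for each offending non-blank line."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if line[0] in ' \t':
            findings.append((no, 'leading'))
        if line != line.rstrip():
            findings.append((no, 'trailing'))
    return findings

def fold(text):
    """Simplified model of slapd.conf(5) folding: a line that starts with
    whitespace continues the previous line; blank lines and comments are dropped."""
    logical = []
    for line in text.splitlines():
        if line[:1] in (' ', '\t') and line.strip() and logical:
            logical[-1] += ' ' + line.strip()
        elif line.strip() and not line.startswith('#'):
            logical.append(line.strip())
    return logical

def directive(text, name):
    """Arguments of the first directive called `name` after folding, else None."""
    for line in fold(text):
        args = shlex.split(line)
        if args[0].lower() == name:
            return args[1:]
    return None

def normalize_dn(dn):
    """Trim and case-fold each RDN (naive split on ','; escaped commas not handled)."""
    return ','.join(rdn.strip().lower() for rdn in dn.split(','))

def bind_dn_matches_rootdn(conf_text, bind_dn):
    """True when the DN passed to ldapadd -D is the rootdn that rootpw belongs to."""
    args = directive(conf_text, 'rootdn')
    return bool(args) and normalize_dn(args[0]) == normalize_dn(bind_dn)

if __name__ == '__main__':
    print(lint_whitespace(SAMPLE_CONF), directive(SAMPLE_CONF, 'rootpw'))
```

With the sample, the indented `rootpw` line is folded into the `rootdn` line, so no `rootpw` directive is found at all; `lint_whitespace` can be run on an LDIF file the same way, since LDIF also treats a leading space as a continuation.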


All times are GMT -5.