LinuxQuestions.org


sanjaydelhi 01-03-2011 05:15 AM

openldap ldap_bind: Invalid credentials (49)
 
I was trying to learn OpenLdap on Ubuntu 9.04.


Code:

# slapd.conf - Configuration file for LDAP SLAPD
##########
# Basics #
##########
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel none
modulepath /usr/lib/ldap
# modulepath /usr/local/libexec/openldap
moduleload back_hdb
##########################
# Database Configuration #
##########################
database hdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /var/lib/ldap
# directory /usr/local/var/openldap-data
index objectClass,cn eq
########
# ACLs #
########
access to attrs=userPassword
      by anonymous auth
      by self write
      by * none
access to *
      by self write
      by * none

my ldap.conf is

Code:

# This file should be world readable but not world writable.

#BASE        dc=example,dc=com
#URI        ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT        12
#TIMELIMIT        15
#DEREF                never

# LDAP Client Settings
URI ldap://localhost
BASE dc=example,dc=com
BINDDN cn=Manager,dc=example,dc=com
SIZELIMIT 0
TIMELIMIT 0


then I tested my configuration using

Code:

sudo slaptest -v -f slapd.conf

which was ok.

Then I restarted the OpenLDAP server using

Code:

sudo invoke-rc.d slapd restart

Then I tried the following command

Code:

ldapsearch -x -W -D 'cn=Manager,dc=example,dc=com' -b "" -s base

I get the following prompt

Enter LDAP Password:

I entered secret

but I get the following error

ldap_bind: Invalid credentials (49)


Please help

acid_kewpie 01-03-2011 05:37 AM

use the slappasswd tool to get an encrypted password and replace the plaintext one with that, e.g. "rootpw {SSHA}W0CjkdAxj7ziBcG37+Bog2zf1bIf2GrA"

sanjaydelhi 01-03-2011 07:24 AM

I tried; not working.

{SSHA}EN3+ZmSaaZSb5ndB9FlDLzs+fM2Sc2lL

acid_kewpie 01-03-2011 08:12 AM

what does the server log say about the attempt?

sanjaydelhi 01-03-2011 12:56 PM

Well thanks for trying to help.

I tried to look into /var/log/syslog. But I could not find anything useful with respect to slapd.

So I tried something different.

I killed the process using

Code:

sudo kill `pgrep slapd`

Then I started the server manually in the first shell at trace level, so that it prints all messages in the foreground, using

Code:

sudo slapd -d Trace

It printed a lot of messages during startup. But I don't think there is a problem in startup.

Then I entered the following search command in a second shell

Code:

ldapsearch -x -W -D 'cn=Manager,dc=example,dc=com' -b "" -s base

I got the following messages in the first shell, where I started slapd manually at trace level.

Code:

slapd startup: initiated.
backend_startup_one: starting "cn=config"
config_back_db_open
backend_startup_one: starting "dc=nodomain"
hdb_db_open: database "dc=nodomain": dbenv_open(/var/lib/ldap).
slapd starting
slap_listener_activate(8):
>>> slap_listener(ldap:///)
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 46 contents:
ber_get_next
conn=0 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <cn=Manager,dc=example,dc=com>
<<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>, <cn=manager,dc=example,dc=com>
do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=49
ber_flush2: 14 bytes to sd 13
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
ber_get_next on fd 13 failed errno=0 (Success)
connection_close: conn=0 sd=13


acid_kewpie 01-03-2011 01:08 PM

where is dc=nodomain coming from? I'm not that used to slapd logs, but there's no reference to loading your "example" domain at all... are you configuring the wrong slapd.conf file or something like that?

btw, afaik slapd should log to /var/log/ldap.log or similar.

sanjaydelhi 01-03-2011 01:16 PM

I had exactly the same doubt.

I searched

sudo find / -name 'slapd.conf'


and I got only one, which is the one I am using.

/etc/ldap/slapd.conf

sanjaydelhi 01-03-2011 01:30 PM

I did it :-)


sudo slapd -f /etc/ldap/slapd.conf -d config


With the -f option I specified the file, and it worked. I suspect it could not find my configuration file slapd.conf, so it started the server with the default configuration. But when I provided the file with the -f option, it worked.


Thank you very much for the help.
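A small check for the situation diagnosed in this thread, added here and not part of the original posts: it compares the suffix declared in a slapd.conf with the backends slapd reports starting in its -d Trace output, so a server that silently came up on its default configuration (dc=nodomain) instead of the intended directory is caught before anyone chases "Invalid credentials". The config fragment is constructed; the trace lines are the ones posted above.

```python
import re

# Added example, not from the thread: detect a slapd instance whose started
# backends do not include the suffix the admin configured.

# Constructed fragment of a slapd.conf, mirroring the one posted in the thread.
SLAPD_CONF = """\
database hdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
"""

# Lines copied from the 'slapd -d Trace' output shown earlier in this thread.
TRACE = """\
slapd startup: initiated.
backend_startup_one: starting "cn=config"
config_back_db_open
backend_startup_one: starting "dc=nodomain"
hdb_db_open: database "dc=nodomain": dbenv_open(/var/lib/ldap).
slapd starting
"""


def configured_suffixes(conf: str) -> set:
    """Suffixes declared by 'suffix' lines (quoted or not), lower-cased
    because slapd normalises DNs case-insensitively (see dnPrettyNormal)."""
    pattern = r'^\s*suffix\s+"?([^"\n]+?)"?\s*$'
    return {m.group(1).lower() for m in re.finditer(pattern, conf, re.M)}


def started_backends(trace: str) -> set:
    """Backend suffixes that slapd actually reported starting."""
    pattern = r'backend_startup_one: starting "([^"]+)"'
    return {m.group(1).lower() for m in re.finditer(pattern, trace)}


def config_mismatch(conf: str, trace: str) -> set:
    """Configured suffixes slapd never started; an empty set means the
    server really loaded the slapd.conf you think it did."""
    return configured_suffixes(conf) - started_backends(trace)


if __name__ == "__main__":
    missing = config_mismatch(SLAPD_CONF, TRACE)
    if missing:
        print("slapd did not start the configured suffix(es):", sorted(missing))
        print("check which config slapd was started with (slapd -f <file>)")
    else:
        print("all configured suffixes started")
```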

salarzai 03-14-2011 08:21 PM

I have exactly the same problem; however, I could not solve it. Please, sanjaydelhi, if you can spare some time then kindly help me out with how to resolve this.
Cheers,

sanjaydelhi 03-16-2011 09:29 AM

Oh, I came to LQ after a long time.

Right now I am not doing r&d on OpenLDAP. But I installed OpenLDAP on Ubuntu 10.10 multiple times and ran it with the method I described above. In Ubuntu 10.10, after installing OpenLDAP through the package installer, you will have to manually add a few files to your OpenLDAP installation. You will have to find out the location of the files yourself, because I have forgotten now. Otherwise install OpenLDAP on Ubuntu 9.04. It works okay in Ubuntu 9.04.

Good luck.


[Edit]
I tried to attach a file, but it looks like zip files are not allowed, so I will write the names of those files here:
id2entry.bdb
dn2id.bdb
DB_CONFIG

Note that I did not find the OpenLDAP documentation sufficient.

