[SOLVED] openldap ldap_bind: Invalid credentials (49)

sanjaydelhi · 01-03-2011, 05:15 AM

I was trying to learn OpenLdap on Ubuntu 9.04.

Code:

# slapd.conf - Configuration file for LDAP SLAPD
##########
# Basics #
##########
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel none
modulepath /usr/lib/ldap
# modulepath /usr/local/libexec/openldap
moduleload back_hdb
##########################
# Database Configuration #
##########################
database hdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /var/lib/ldap
# directory /usr/local/var/openldap-data
index objectClass,cn eq
########
# ACLs #
########
access to attrs=userPassword
       by anonymous auth
       by self write
       by * none
access to *
       by self write
       by * none

my ldap.conf is

Code:

# This file should be world readable but not world writable.

#BASE	dc=example,dc=com
#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT	12
#TIMELIMIT	15
#DEREF		never

# LDAP Client Settings
URI ldap://localhost
BASE dc=example,dc=com
BINDDN cn=Manager,dc=example,dc=com
SIZELIMIT 0
TIMELIMIT 0

then I tested my configuration using

Code:

sudo slaptest -v -f slapd.conf

which was ok.

Then I restared openldap server using

Code:

sudo invoke-rc.d slapd restart

Then I tried followng command

Code:

ldapsearch -x -W -D 'cn=Manager,dc=example,dc=com' -b "" -s base

I get following prompt

Enter LDAP Password:

I entered secret

but I get following error

ldap_bind: Invalid credentials (49)

Please help

acid_kewpie · 01-03-2011, 05:37 AM

use the slappasswd tool to get an encrypted password and replace the plaintext one with that, e.g. "rootpw {SSHA}W0CjkdAxj7ziBcG37+Bog2zf1bIf2GrA"

sanjaydelhi · 01-03-2011, 07:24 AM

I tried not working

{SSHA}EN3+ZmSaaZSb5ndB9FlDLzs+fM2Sc2lL

acid_kewpie · 01-03-2011, 08:12 AM

what does the server log say about the attempt?

sanjaydelhi · 01-03-2011, 12:56 PM

Well thanks for trying to help.

I tried to look into /var/log/syslog. But I could not find anything useful with respect to slapd.

So I tried something different.

I killed process using

Code:

sudo kill `pgrep slapd`

Then I started server in first shell manually at trace level to print all messages in foreground using

Code:

sudo slapd -d Trace

It printed lot of messages in the process of startup. But I don't think there is a problem in startup.

After I entered following search command in second shell

Code:

ldapsearch -x -W -D 'cn=Manager,dc=example,dc=com' -b "" -s base

I got following messages in the first shell where I started slapd manually at trace level.

Code:

slapd startup: initiated.
backend_startup_one: starting "cn=config"
config_back_db_open
backend_startup_one: starting "dc=nodomain"
hdb_db_open: database "dc=nodomain": dbenv_open(/var/lib/ldap).
slapd starting
slap_listener_activate(8): 
>>> slap_listener(ldap:///)
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 46 contents:
ber_get_next
conn=0 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <cn=Manager,dc=example,dc=com>
<<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>, <cn=manager,dc=example,dc=com>
do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=49
ber_flush2: 14 bytes to sd 13
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
ber_get_next on fd 13 failed errno=0 (Success)
connection_close: conn=0 sd=13

acid_kewpie · 01-03-2011, 01:08 PM

where is dc=nodomain coming from? I'm not that used to slapd logs, but there's no reference to loading your "example" domain at all... are you configuring the wrong slapd.conf file or something like that?

btw, afaik slapd should log to /var/log/ldap.log or similar.

sanjaydelhi · 01-03-2011, 01:16 PM

I exactly had same doubt.

I searched

sudo find / -name 'slapd.conf'

and I got only one which I am using.

/etc/ldap/slapd.conf

sanjaydelhi · 01-03-2011, 01:30 PM

I did it :-)

sudo slapd -f /etc/ldap/slapd.conf -d config

with -f option, I specified file and it worked. I doubt it could not find my configuration file slapd.conf, so it started server with default configuration. But when I provided file with -f option, it worked.

Thank you very much for help.

salarzai · 03-14-2011, 08:21 PM

I have exactly the same problem however I could not solve the problem. Plz sanjaydelhi if you can spare sometime then kindly help me out how to resolve this.
Cheers,

sanjaydelhi · 03-16-2011, 09:29 AM

Oh I came to LQ after long time.

Right now I am not doing r&d on OpenLDAP. But I installed OpenLDAP on Ubuntu 10.10 mulitple times and run it with the method I just described above. In Ubuntu 10.10 after installing OpenLDAP through package installer, you will have to manually add few files in your OpenLDAP installation on Ubuntu 10.10. The location of the files you will have to find out because I have forgotten now. Otherwise install OpenLDAP on Ubuntu 9.04. It works okay in Ubuntu 9.04.

Good luck.

[Edit]
I tried to attach file, but looks like zip files are not allowed, so I will write names of those files here
id2entry.bdb
dn2id.bdb
DB_CONFIG

Note that I did not find OpenLDAP document sufficient.