LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 05-22-2012, 09:30 AM   #1
itz4vj
LQ Newbie
 
Registered: May 2012
Posts: 8
Blog Entries: 1

Rep: Reputation: Disabled
Unable to login to phpldapadmin - Linux


Hi,

I would like to login to the phpldapadmin which was setup in our environment. Wheoever had account is no longer works for the company and I need to either create a new account or reset the password for the existing account.


When I'm trying to creae a new account on ldap, im getting the below issue.

Enter LDAP Password:
ldap_bind: Invalid credentials (49)


I created a new password using slappasswd utility and update rootpw entry in /etc/openldap/slapd.conf and restarted /etc/init.d/ldap , but still the new LDAP password is not working.


Here is my slapd.conf file

----------------------------------------------------



# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openssh-lpk.schema
include /etc/openldap/schema/schema.OpenLDAP
include /etc/openldap/schema/mydyngroup.schema


# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath /usr/lib64/openldap

# Modules available in openldap-servers-overlays RPM package
# Module syncprov.la is now statically linked with slapd and there
# is no need to load it here
# moduleload accesslog.la
# moduleload auditlog.la
# moduleload denyop.la
# moduleload dyngroup.la
moduleload dynlist.la



# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
TLSCACertificateFile /etc/pki/tls/certs/slapd-chain.pem
TLSCertificateFile /etc/pki/tls/hostkeys/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/hostkeys/slapd.key


# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
security ssf=256



# rootdn can always read and write EVERYTHING!

access to attrs=userPassword
by self write
by dn.one="ou=ldapAdmins,dc=ec2,dc=scloud,dc=com" write
by * auth

access to *
by dn.one="ou=ldapAdmins,dc=ec2,dc=scloud,dc=com" write
by anonymous read
by self write
by * read
#by tls_ssf=256 ssf=256 anonymous auth
#by tls_ssf=256 ssf=256 self write
#by * none


#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
suffix "dc=ec2,dc=supervalucloud,dc=com"
rootdn "cn=ldapadm,dc=ec2,dc=scloud,dc=com"
rootpw "{SSHA}HTyhL3asN+cPtCkvPWVbG64vrX8p2QJw"


#rootpw "{SSHA}3hO3PnDPLCWhkgX/AMOvQGRVfVJsuGOn"
#rootdn "cn=ldapadm,dc=ec2,dc=supervalu,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
#rootpw {CRYPT}AtiB5uZmzWOyY

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap

dirtyread

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index sudoUser eq,pres,sub
index member eq,pres

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM

overlay dynlist
dynlist-attrset groupOfURLs memberURL


---------------------------------------------------------------
 
Old 05-22-2012, 01:19 PM   #2
em31amit
Member
 
Registered: Apr 2012
Location: /root
Distribution: Ubuntu, Redhat, Fedora, CentOS
Posts: 190

Rep: Reputation: 55
Quote:
Originally Posted by itz4vj View Post
Hi,


#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
suffix "dc=ec2,dc=supervalucloud,dc=com"
rootdn "cn=ldapadm,dc=ec2,dc=scloud,dc=com"
rootpw "{SSHA}HTyhL3asN+cPtCkvPWVbG64vrX8p2QJw"


#rootpw "{SSHA}3hO3PnDPLCWhkgX/AMOvQGRVfVJsuGOn"
#rootdn "cn=ldapadm,dc=ec2,dc=supervalu,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
#rootpw {CRYPT}AtiB5uZmzWOyY

are you using here correct suffix ?? suffix seems different from rootdn ??? are you able to login or using it with ldapsearch command ?
 
Old 05-22-2012, 02:31 PM   #3
itz4vj
LQ Newbie
 
Registered: May 2012
Posts: 8
Blog Entries: 1

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by em31amit View Post
are you using here correct suffix ?? suffix seems different from rootdn ??? are you able to login or using it with ldapsearch command ?

Thanks for your reply... I can do ldapsearch and it returns the o/p

.
But if i'm trying to add a user getting the below error

root@ldap02 /usr/local/sbin # addldapuser vkal003
Enter LDAP Password:
ldap_bind: Confidentiality required (13)
additional info: confidentiality required



root@ldap02 /usr/local/sbin # ldapadd -x -D "cn=ldapadm,dc=ec2,dc=svalucloud,dc=com" -W -f /tmp/newentry
Enter LDAP Password:
ldap_bind: Confidentiality required (13)
additional info: confidentiality required


/tmt/newentry - is the file I created and added the below values.

root@ldap02 /usr/local/sbin # cat /tmp/newentry
dn: cn=john peter,dc=ec2,dc=scloud,dc=com
ou: people
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: ldapPublicKey
objectClass: top
cn: John Peter
sn: apal01e
title: User
mail: john.peter@scloud.com
uid: jpete01


I also can't change the ldappasswd and getting the same error.

root@ldap02 /usr/local/sbin # ldappasswd -x -W -D "cn=ldapadm,dc=ec2,dc=scloud,dc=com" "cn=bbar02c,ou=ldapAdmins,dc=ec2,dc=scloud,dc=com"
Enter LDAP Password:
ldap_bind: Confidentiality required (13)
additional info: confidentiality required




Could you please help me on that ?
 
Old 05-25-2012, 04:14 PM   #4
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,907

Rep: Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326
Hi,

Quote:
ldap_bind: Confidentiality required (13)
You should add a -Z (or -ZZ) in your ldap commands, or if you don't want tls, comment out the following lines:
Quote:
TLSCACertificateFile /etc/pki/tls/certs/slapd-chain.pem
TLSCertificateFile /etc/pki/tls/hostkeys/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/hostkeys/slapd.key
security ssf=256
Regards
 
  


Reply

Tags
ldap, phpldapadmin


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
phpldapadmin issue on login johnsonkv91 Linux - Server 7 04-23-2012 11:52 PM
Unable to get the ldaptree in phpLDAPadmin-tool Uday123 Linux - Networking 1 11-16-2005 05:22 AM
Unable to get the ldaptree in phpLDAPadmin Uday123 General 0 11-15-2005 05:42 AM


All times are GMT -5. The time now is 02:24 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration