LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
LinkBack Search this Thread
Old 12-03-2010, 06:15 AM   #1
dshivji
LQ Newbie
 
Registered: Dec 2010
Posts: 2

Rep: Reputation: 0
ldap 2.4 rhel6 problem with openldap ldap_bind: Invalid credentials (49)


Hi
M trying to install sendmail server on rhel6.i am having problem in setting up openldap.
Please help

regards
Mukesh
following is slapd.conf

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#

include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema

# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
# Module syncprov.la is now statically linked with slapd and there
# is no need to load it here
# modulepath /usr/lib/openldap # or /usr/lib64/openldap
# moduleload accesslog.la
# moduleload auditlog.la
## To load this module, you have to install openldap-server-sql first
# moduleload back_sql.la
## Following two modules can't be loaded simultaneously
# moduleload dyngroup.la
# moduleload dynlist.la
# moduleload lastmod.la
# moduleload pcache.la
# moduleload ppolicy.la
# moduleload refint.la
# moduleload retcode.la
# moduleload rwm.la
# moduleload translucent.la
# moduleload unique.la
# moduleload valsort.la

# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#
#
access to * by self write by 'dn="cn=Manager,ou=People,dc=chowgules,dc=ac,dc=in"' write by 'dn="cn=Manager,ou=People1,dc=chowgules,dc=ac,dc=in"' write by * read

access to * by 'dn="cn=Manager,dc=chowgules,dc=ac,dc=in"' write by * read

access to * by 'dn.exact="cn=Manager,dc=chowgules,dc=ac,dc=in"' write by * write

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
suffix dc=chowgules,dc=ac,dc=in
#checkpoint 1024 15
rootdn cn=Manager,dc=chowgules,dc=ac,dc=in
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw {crypt}ijFYNcSNctBYg
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM


# enable monitoring
database monitor

# allow onlu rootdn to read the monitor
TLSCipherSuite HIGH:MEDIUM:+SSLv2:+SSLv3:RSA
TLSCACertificateFile /etc/openldap/cacerts/server.pem
TLSCertificateFile /etc/openldap/cacerts/server.pem
TLSCertificateKeyFile /etc/openldap/cacerts/server.pem
TLSVerifyClient allow


following is my ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
#BASE dc=example,dc=com
#HOST 192.168.1.10
#URI ldap://192.168.1.10/
#TLS_CACERTDIR /etc/openldap/cacerts

URI ldap://mail.chowgules.ac.in/
BASE dc=chowgules,dc=ac,dc=in
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT allow

openldap server starts properly
and if i run following command

ldapsearch -x uid=dms002 -b "dc=chowgules,dc=ac,dc=in"

i get output as below.

# extended LDIF
#
# LDAPv3
# base <dc=chowgules,dc=ac,dc=in> with scope subtree
# filter: uid=dms002
# requesting: ALL
#

# dms002, People, chowgules.ac.in
dn: uid=dms002,ou=People,dc=chowgules,dc=ac,dc=in
cn: dms002
gidNumber: 500019
homeDirectory: /home/dms002
loginShell: /bin/bash
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowLastChange: 14582
shadowMax: 99999
shadowWarning: 7
uidNumber: 500019
uid: dms002
userPassword:: e2NyeXB0fSQxJFY4S2kuWjVKJC5IQnJoWXRUMWE2eVBMRkloajlJLi4=

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


but if i try to change ldap password it gives

ldap_bind: Invalid credentials (49) error

i was successfully able to restore my ldif file from old rhel 5.3 server on to rhel 6

kindly help
 
Old 12-03-2010, 07:34 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,772

Rep: Reputation: 1294Reputation: 1294Reputation: 1294Reputation: 1294Reputation: 1294Reputation: 1294Reputation: 1294Reputation: 1294Reputation: 1294
Quote:
but if i try to change ldap password it gives

ldap_bind: Invalid credentials (49) error
What is the exact command you use to change user's password?
 
Old 12-04-2010, 01:51 AM   #3
dshivji
LQ Newbie
 
Registered: Dec 2010
Posts: 2

Original Poster
Rep: Reputation: 0
command i use to change password

Quote:
Originally Posted by bathory View Post
What is the exact command you use to change user's password?
thnkx for quick reply!

i use following to change password

ldappasswd -x -W -D "cn=Manager,dc=chowgules,dc=ac,dc=in" "uid=dms002,ou=People,dc=chowgules,dc=ac,dc=in"
 
Old 12-04-2010, 03:23 AM   #4
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,772

Rep: Reputation: 1294Reputation: 1294Reputation: 1294Reputation: 1294Reputation: 1294Reputation: 1294Reputation: 1294Reputation: 1294Reputation: 1294
Hi,

The command looks OK. I suspect that RHEL6 uses the new "cn=config" for configuring openldap. To verify stop the slapd service and run the following command to start the daemon:
Code:
/usr/sbin/slapd -f /etc/openldap/slapd.conf
Then try the ldappasswd and see if it works.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ldap_bind: Invalid credentials (49) jlpeifer Linux - Server 3 11-02-2010 03:31 PM
LEARNING LDAP -> ldap_bind: Invalid Credentials (49) peterson.julia Linux - Newbie 1 09-19-2010 11:28 PM
ldap: ldap_bind: Invalid credentials (49) (using user migrated with padl) eantoranz Linux - Software 1 09-05-2008 09:52 AM
ldap_bind: Invalid credentials (49) on OpenLDAP server gergaholic Linux - Server 7 11-08-2007 09:03 AM
ldap_bind: Invalid credentials (49) on OpenLDAP server gergaholic Fedora 2 11-05-2007 03:23 PM


All times are GMT -5. The time now is 04:33 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration