openldap setup Invalid credentials error (49)
I'm trying to set up OpenLDAP on Fedora 12 and am having no luck authenticating the root user after starting the service. I'm hoping someone with more experience might be willing to help. I left all the settings as default and get the following when I do a simple search:
Code:
[root@claudius ~]# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
Code:
[root@claudius ~]# ldapadd -x -D "cn=Manager,dc=my-domain,dc=com" -W -f base.ldif
Code:
[root@claudius ~]# cat base.ldif
I've tried substituting several different output strings from slappasswd, but all with the same result. Finally, here is the slapd.conf file:
Code:
[root@claudius ~]# grep -v ^# /etc/openldap/slapd.conf|cat -s
I'd appreciate any advice anyone has. Thanks |
Hi,
You can stop slapd from running and use slapadd to add the ldif:
Code:
slapadd -l base.ldif
Code:
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts -D "cn=Manager,dc=my-domain,dc=com" -W |
bathory, thanks for the suggestion. I tried the commands with the following results:
Code:
[root@claudius ~]# slapadd -l base.ldif
Code:
[root@claudius ~]# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts -D "cn=Manager,dc=my-domain,dc=com" -W |
I just discovered slapcat, which produced the following:
Code:
[root@claudius ~]# slapcat |
The ldif was imported because slapadd does not care about credentials. I suspected the problem was due to the ACL:
Quote:
So are you sure that the rootpw you're using is correct? You can stop slapd and then run it from CLI in debug mode to watch the output and see if you can find the reason why you get the "Invalid Credentials" error:
Code:
slapd -d -1 |
I believe the ACL you mentioned is for the "monitor" database. The comments in the slapd.conf file seem to indicate that I should be able to leave the general ACL undefined.
Code:
# if no access controls are present, the default policy
I may go and use Fedora's Directory server. To be honest, this is my first Linux directory server and I wasn't aware that Fedora had a separate directory project. |
You can try to change the order of the included schema files and see if it makes any difference. At least core.schema should come first:
Code:
include /etc/openldap/schema/core.schema |
Thanks for all your help bathory. I found the problem. I came across some info in the documentation about how the openldap server reads the settings files. Apparently the newest version of openldap reads the settings from the slapd.d directory. Any changes made to slapd.conf are ignored unless there is no slapd.d directory, in which case a new directory and setting file is created from the settings in slapd.conf. You can force the daemon to read the slapd.conf file and overwrite the slapd.d directory files, which is how I was able to resolve the problem.
thanks again. |
What command did you use to forcibly read that file?
Want to know how you resolved that issue? |
from the slapd man page:
Code:
-f slapd-config-file |
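A check for the situation resolved in this thread, added here as an example and not posted by any participant: it reports whether slapd.conf or the slapd.d directory is the configuration in effect, and whether the rootdn from slapd.conf has a rootpw in slapd.d. The function names and status strings are made up for this example; the cn=config/olcDatabase=*.ldif layout and the olcRootDN/olcRootPW attributes are assumed from OpenLDAP's config-directory format, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Reports which configuration source slapd
# uses and whether the rootdn edited in slapd.conf has a rootpw in slapd.d.

# Print the value of a slapd.conf directive (e.g. rootdn), quotes stripped.
conf_value() {  # $1 = directive, $2 = path to slapd.conf
    awk -v k="$1" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); gsub(/"/, ""); print; exit }' "$2"
}

# Prints one of (hypothetical status strings):
#   conf-file-in-effect       no slapd.d, so slapd.conf is read
#   confdir-has-rootpw        slapd.d wins and holds a rootpw for that rootdn
#   confdir-missing-rootpw    slapd.d wins and the rootdn has no password there
#   confdir-rootdn-not-found  slapd.d wins and no database uses that rootdn
check_slapd_config() {  # $1 = slapd.conf, $2 = slapd.d directory
    [ -d "$2" ] || { echo "conf-file-in-effect"; return 0; }
    dn=$(conf_value rootdn "$1")
    [ -n "$dn" ] || { echo "confdir-rootdn-not-found"; return 0; }
    for f in "$2"/cn=config/olcDatabase=*.ldif; do
        [ -f "$f" ] || continue
        # Exact string match; assumes the DN is short enough not to be line-wrapped.
        [ "$(sed -n 's/^olcRootDN: *//p' "$f")" = "$dn" ] || continue
        # Only presence is checked: the stored value may be hashed or base64-encoded.
        if grep -q '^olcRootPW:' "$f"; then
            echo "confdir-has-rootpw"
        else
            echo "confdir-missing-rootpw"
        fi
        return 0
    done
    echo "confdir-rootdn-not-found"
}

# Constructed sample: slapd.conf was edited to add a rootpw, but slapd.d was
# generated earlier without one, so the edit never takes effect.
demo=$(mktemp -d)
mkdir -p "$demo/slapd.d/cn=config"
printf 'rootdn "cn=Manager,dc=my-domain,dc=com"\nrootpw {SSHA}constructed-placeholder\n' \
    > "$demo/slapd.conf"
printf 'dn: olcDatabase={1}bdb\nolcSuffix: dc=my-domain,dc=com\nolcRootDN: cn=Manager,dc=my-domain,dc=com\n' \
    > "$demo/slapd.d/cn=config/olcDatabase={1}bdb.ldif"
check_slapd_config "$demo/slapd.conf" "$demo/slapd.d"
```

On a real host the arguments would be /etc/openldap/slapd.conf and the slapd.d directory beside it (the directory path is an assumption). The slapd(8) man page describes how -f combined with -F regenerates the directory from the file.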