Unable to use password during OpenLDAP setup
Hello All!
I'm busy trying to set up an OpenLDAP (on CentOS6) configuration that has run into a snag, hope some of my fellow big brains can help me out! I followed a howto setup on server-world, but when I try and use ldapadd on frontend.ldif I get the following error:

Code:
[root@sdserver ~]# ldapadd -x -D cn=admin,dc=server,dc=world -W -f frontend.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

The credentials are most certainly not incorrect! The setup is on CentOS6, sdserver.sddomain.local. Here is my exact setup:

Code:
[root@dir ~]# yum -y install openldap-servers openldap-clients
[root@dir ~]# vi /etc/sysconfig/ldap
# line 16: uncomment and change
SLAPD_LDAPI=yes
[root@dir ~]# vi /etc/openldap/slapd.conf
# create new
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
[root@dir ~]# rm -rf /etc/openldap/slapd.d/*
[root@dir ~]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
config file testing succeeded
[root@dir ~]# vi /etc/openldap/slapd.d/cn=config/olcDatabase\={0}config.ldif
# line 4: change
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
[root@dir ~]# vi /etc/openldap/slapd.d/cn=config/olcDatabase\={1}monitor.ldif
# create new
dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {1}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
creatorsName: cn=config
modifiersName: cn=config
[root@dir ~]# chown -R ldap. /etc/openldap/slapd.d
[root@dir ~]# chmod -R 700 /etc/openldap/slapd.d
[root@dir ~]# /etc/rc.d/init.d/slapd start
Starting slapd: [ OK ]
[root@dir ~]# chkconfig slapd on
[root@dir ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/core.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=core,cn=schema,cn=config"
[root@dir ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"
[root@dir ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=nis,cn=schema,cn=config"
[root@dir ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=inetorgperson,cn=schema,cn=config"
[root@dir ~]# slappasswd
New password:
Re-enter new password:
(spoiler alert... pw is 1111)
{SSHA}jaBK/3Ofp0n2QW1YyNOb6/++dRBXHntz
[root@dir ~]# vi backend.ldif
# create new
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib64/openldap
olcModuleload: back_hdb

dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcSuffix: dc=sddomain,dc=local
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=sddomain,dc=local
olcRootPW: {SSHA}jaBK/3Ofp0n2QW1YyNOb6/++dRBXHntz
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcMonitoring: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=sddomain,dc=local" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=sddomain,dc=local" write by * read
[root@dir ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f backend.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"
adding new entry "olcDatabase=hdb,cn=config"
[root@dir ~]# vi frontend.ldif
# create new
dn: dc=sddomain,dc=local
objectClass: top
objectClass: dcObject
objectclass: organization
o: Sddomain Local
dc: Sddomain

dn: cn=admin,dc=sddomain,dc=local
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: {SSHA}jaBK/3Ofp0n2QW1YyNOb6/++dRBXHntz

dn: ou=people,dc=sddomain,dc=local
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=sddomain,dc=local
objectClass: organizationalUnit
ou: groups
[root@sdserver ~]# ldapadd -x -D cn=admin,dc=server,dc=world -W -f frontend.ldif
Enter LDAP Password: 1111
ldap_bind: Invalid credentials (49)

Sonofabeach!

After hours of scouring trying to find a solution to my problem, I'm under the impression that OpenLDAP is not reading my password from the correct source... though I'm not sure if that's correct or how to remedy it if it is. It is my second run through on this (had the same problem on my 1st pass) and I even picked the temp password of 1111 this time to keep it simple and make sure it wasn't a simple error with inputting a long password. Anyways, any help would be much appreciated! Thanks all and have a great one!
According to your installation the admin DN is "cn=admin,dc=sddomain,dc=local"

Code:
ldapadd -x -D cn=admin,dc=sddomain,dc=local -W -f frontend.ldif
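The mismatch the reply points out (the bind DN copied from the howto versus the olcRootDN actually loaded from backend.ldif) is easy to catch before ldapadd ever prompts for a password. The script below is an added example, not something from the thread or from OpenLDAP itself: it reads constructed excerpts of the two LDIF files with the thread's DNs and hash and checks that the -D bind DN sits under olcSuffix, equals olcRootDN, and has a frontend.ldif entry whose userPassword matches olcRootPW.

```python
# Constructed excerpts of the thread's backend.ldif and frontend.ldif (same DNs and hash).
BACKEND_LDIF = """\
dn: olcDatabase=hdb,cn=config
olcSuffix: dc=sddomain,dc=local
olcRootDN: cn=admin,dc=sddomain,dc=local
olcRootPW: {SSHA}jaBK/3Ofp0n2QW1YyNOb6/++dRBXHntz
"""
FRONTEND_LDIF = """\
dn: dc=sddomain,dc=local
dc: Sddomain

dn: cn=admin,dc=sddomain,dc=local
userPassword: {SSHA}jaBK/3Ofp0n2QW1YyNOb6/++dRBXHntz
"""

def norm_dn(dn):
    """Comparison key for a DN: RDN case and spacing ignored."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def parse_ldif(text):
    """Minimal LDIF reader ('attr: value' lines only, no '::' base64 or folding)."""
    entries, cur = {}, None
    for line in text.splitlines():
        if not line.strip():          # blank line ends the current entry
            cur = None
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            cur = entries.setdefault(norm_dn(value), {})
        elif cur is not None:
            cur.setdefault(attr, []).append(value)
    return entries

def check_bind(bind_dn, backend_ldif, frontend_ldif):
    """List mismatches between the -D bind DN and the loaded config (empty = consistent)."""
    db = next((e for e in parse_ldif(backend_ldif).values() if "olcrootdn" in e), {})
    root_dn = norm_dn(db.get("olcrootdn", [""])[0])
    suffix = norm_dn(db.get("olcsuffix", [""])[0])
    bind = norm_dn(bind_dn)
    problems = []
    if not bind.endswith(suffix):
        problems.append(f"bind DN {bind_dn!r} is not under olcSuffix {suffix!r}")
    if bind != root_dn:
        problems.append(f"bind DN {bind_dn!r} != olcRootDN {root_dn!r}")
    entry = parse_ldif(frontend_ldif).get(bind)
    if entry is None:
        problems.append(f"frontend.ldif has no entry for {bind_dn!r}")
    elif entry.get("userpassword") != db.get("olcrootpw"):
        problems.append("userPassword in frontend.ldif differs from olcRootPW")
    return problems
```

Run against these excerpts, the howto's cn=admin,dc=server,dc=world reports three mismatches while the DN from backend.ldif reports none, which is exactly the distinction that separates a real "Invalid credentials (49)" from a typo in the bind DN.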
So... I got up this morning and checked out your post and I didn't see any difference between what I had written and what you had suggested. I didn't see any difference. Then my 8 year old son came downstairs, read it once and said, "he's saying you used the login from the howto you were reading and not the one in the file. Can I play Minecraft now?"
Many thanks for the response! You're the hero as of 09:36AM MST!