LinuxQuestions.org

dh2k 07-06-2018 09:08 AM

openldap - ldap_bind: Invalid credentials (49)
 
I've been going round in circles for weeks - seems like the DIT has no admin user - or no admin user exists even though config file and dpkg-reconfigure has been followed as per dozens of guides from Google search - seems this is a very, very widespread issue - probably a config issue no doubt - but this service does not really make the issue clear to remedy, any assistance appreciated Debian forum, TIA.

Some output below...
(also this environment is on a VPS with IPv4 public WAN IP - no NAT)



I've apt-get install slapd
[slapd is already the newest version (2.4.44+dfsg-5+deb9u1).]


I've run dpkg-reconfigure slapd
and entered:
Code:

Omit OpenLDAP server config: No
DNS Domain: awesome.uk
Organization name: awesome
Administrator password: {plain text of same as my SHA1 below in config}
Database backend: HDB
Purge DB: No
Move DB: Yes


Config file looks like this:
(I'll harden this up with TLS and certs when basic config is working...)

Code:

root@unicorn03:/etc# cat /etc/ldap/slapd.d/slapd.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE    dc=awesome,dc=uk
URI    ldap://{WAN IP} ldap://{WAN IP}:666
rootdn  cn=ldapadmin,dc=awesome,dc=uk
rootpw  {SSHA}{RETRACTED}



root@unicorn03:~# ldapsearch -x -W -D 'cn=ldapadmin,dc=awesome,dc=uk' -b "" -s base
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
root@unicorn03:~#




Same error occurs with phpldapadmin webUi
i.e. "Invalid credentials (49)"




While ldapsearch -x output:

Code:


root@unicorn03:~# ldapsearch -x
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
root@unicorn03:~#

Code:

root@unicorn03:~# systemctl status slapd
* slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
  Loaded: loaded (/etc/init.d/slapd; generated; vendor preset: enabled)
  Active: active (running) since Fri 2018-07-06 15:09:58 BST; 2min 23s ago
    Docs: man:systemd-sysv-generator(8)
  Process: 14388 ExecStart=/etc/init.d/slapd start (code=exited, status=0/SUCCESS)
    Tasks: 3 (limit: 4915)
  CGroup: /system.slice/slapd.service
          `-14394 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d

Jul 06 15:09:58 unicorn03 systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Jul 06 15:09:58 unicorn03 slapd[14393]: @(#) $OpenLDAP: slapd  (Aug 10 2017 19:12:46) $
                                                Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
Jul 06 15:09:58 unicorn03 slapd[14394]: slapd starting
Jul 06 15:09:58 unicorn03 slapd[14388]: Starting OpenLDAP: slapd.
Jul 06 15:09:58 unicorn03 systemd[1]: Started LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
root@unicorn03:~#

EDIT:
also tried with WAN IP on URI in /etc/default/slapd
and also localhost IP - to no avail but instead [Can't contact LDAP server (-1)]


Code:


root@unicorn03:~# grep -iC1 "ldap://" /etc/default/slapd
# Example usage:
# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
#SLAPD_SERVICES="ldap:/// ldapi:///"
SLAPD_SERVICES="ldap://WAN_IP_RETRACTED:389/ ldapi:///"

root@unicorn03:~# service slapd restart
root@unicorn03:~# ldapsearch -x -W -D 'cn=ldapadmin,dc=awesome,dc=uk' -b "" -s base
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
root@unicorn03:~# service slapd status
* slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
  Loaded: loaded (/etc/init.d/slapd; generated; vendor preset: enabled)
  Active: active (running) since Fri 2018-07-06 15:34:59 BST; 10s ago
    Docs: man:systemd-sysv-generator(8)
  Process: 19181 ExecStop=/etc/init.d/slapd stop (code=exited, status=0/SUCCESS)
  Process: 19187 ExecStart=/etc/init.d/slapd start (code=exited, status=0/SUCCESS)
    Tasks: 3 (limit: 4915)
  CGroup: /system.slice/slapd.service
          `-19194 /usr/sbin/slapd -h ldap://WAN_IP_RETRACTED:389/ ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d

Jul 06 15:34:59 unicorn03 slapd[19181]: Stopping OpenLDAP: slapd.
Jul 06 15:34:59 unicorn03 systemd[1]: Stopped LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Jul 06 15:34:59 unicorn03 systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Jul 06 15:34:59 unicorn03 slapd[19193]: @(#) $OpenLDAP: slapd  (Aug 10 2017 19:12:46) $
                                                Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
Jul 06 15:34:59 unicorn03 slapd[19194]: slapd starting
Jul 06 15:34:59 unicorn03 slapd[19187]: Starting OpenLDAP: slapd.
Jul 06 15:34:59 unicorn03 systemd[1]: Started LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
root@unicorn03:~#

With localhost IP:

Code:


root@unicorn03:~# service slapd status
* slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
  Loaded: loaded (/etc/init.d/slapd; generated; vendor preset: enabled)
  Active: active (running) since Fri 2018-07-06 15:37:23 BST; 3s ago
    Docs: man:systemd-sysv-generator(8)
  Process: 19850 ExecStop=/etc/init.d/slapd stop (code=exited, status=0/SUCCESS)
  Process: 19856 ExecStart=/etc/init.d/slapd start (code=exited, status=0/SUCCESS)
    Tasks: 3 (limit: 4915)
  CGroup: /system.slice/slapd.service
          `-19863 /usr/sbin/slapd -h ldap://127.0.0.1:389/ ldaps:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d

Jul 06 15:37:23 unicorn03 slapd[19850]: Stopping OpenLDAP: slapd.
Jul 06 15:37:23 unicorn03 systemd[1]: Stopped LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Jul 06 15:37:23 unicorn03 systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Jul 06 15:37:23 unicorn03 slapd[19862]: @(#) $OpenLDAP: slapd  (Aug 10 2017 19:12:46) $
                                                Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
Jul 06 15:37:23 unicorn03 slapd[19863]: slapd starting
Jul 06 15:37:23 unicorn03 slapd[19856]: Starting OpenLDAP: slapd.
Jul 06 15:37:23 unicorn03 systemd[1]: Started LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
root@unicorn03:~# ldapsearch -x -W -D 'cn=ldapadmin,dc=awesome,dc=uk' -b "" -s base
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
root@unicorn03:~#


bathory 07-06-2018 03:10 PM

Hi,

I'm not familiar with the Debian openldap package installation, but according to this, the correct admin dn is:
Code:

cn=admin, dc=awesome,dc=uk
.
Also note that in newer openldap versions the slapd.conf file is deprecated in favor of the "cn=config" DIT.

Regards
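
An added example, not part of either post: an offline check of the two things a rootDN simple bind depends on, the bind DN matching the `olcRootDN` stored in the `cn=config` DIT and the password matching its `{SSHA}` value. The LDIF sample, the password and all helper names are constructed for illustration; the input is assumed to be unfolded LDIF for the database entries under `cn=config`.

```python
import base64, hashlib, hmac

def make_ssha(password, salt):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password, stored):
    """Verify a password against {SSHA}: 20-byte SHA-1 digest followed by the salt."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def parse_ldif(text):
    """Parse unfolded LDIF into dicts; 'attr:: value' is base64 and is decoded."""
    entries, cur = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode()
        cur[attr.strip().lower()] = value.strip()
    return entries

def norm_dn(dn):
    """Loose DN normalisation: lower-case, trim spaces around each RDN."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def triage(ldif, bind_dn, password):
    """Report why a rootDN bind under the matching suffix would fail."""
    for e in parse_ldif(ldif):
        root, suffix = e.get("olcrootdn"), e.get("olcsuffix")
        if not root or not suffix or not norm_dn(bind_dn).endswith(norm_dn(suffix)):
            continue
        if norm_dn(root) != norm_dn(bind_dn):
            return "bind DN mismatch: server rootDN is " + root
        if not check_ssha(password, e.get("olcrootpw", "")):
            return "rootDN matches but password does not match olcRootPW"
        return "ok"
    return "no database with a rootDN serves this bind DN"

SAMPLE_PW = "example-password"  # constructed value, not from the thread
SAMPLE_LDIF = ("dn: olcDatabase={1}hdb,cn=config\nolcSuffix: dc=awesome,dc=uk\n"
               "olcRootDN: cn=admin,dc=awesome,dc=uk\nolcRootPW:: "
               + base64.b64encode(make_ssha(SAMPLE_PW, b"salt").encode()).decode() + "\n")
```
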

