LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   ldap_bind: Invalid credentials (49) (https://www.linuxquestions.org/questions/linux-general-1/ldap_bind-invalid-credentials-49-a-392905/)

pdrobe 12-14-2005 06:35 PM

ldap_bind: Invalid credentials (49)
 
----- I have Debian Sarge and openLDAP
------ When i try to insert new entries:

#ldapadd -x -D "cn=Admin,o=litho,c=com" -W -f example.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

-------I think I have one error here:

#ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope base
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

------- because dn: is empty

----1) my slapd.conf




include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
schemacheck on
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd.args
loglevel 0

modulepath /usr/lib/ldap/
moduleload back_ldbm.so





backend ldbm


database ldbm
suffix "o=litho, c=com"
directory /var/lib/ldap
rootdn "cn=Admin,o=litho, c=com"
rootpw secret
index cn,sn,uid
index objectclass pres,eq
index default none

defaultaccess read
access to attr=userpassword
by self write
by dn="cn=Admin,o=litho, c=com" write
by * compare


-----my example.ldif


o=litho, c=com
objectClass=organization

o=litho
description=litho

cn=Manager, o=litho, c=com
objectClass=organizationalRole
cn=Manager
description= manager




thanks anyone..................

Gato Azul 12-14-2005 07:52 PM

A typical ldif might look like this:
Code:

# Root Organization
dn: dc=example,dc=com
dc: example
objectClass: dcObject
objectClass: organization
o: Example Inc

# Barbara's Entry
dn: cn=Barbara J Jensen, dc=example, dc=com
cn: Barbara J Jensen
objectClass: person
gn: Barbara
sn: Jensen

I can't say I've ever used the o=example,c=com format, but assuming it works the same way as using dc=, then you're missing the dn: prefix on the line for o=litho,c=com as well as on the cn=Manager, o=litho, c=com line. You should also change a lot of those equal signs to colons. So fixing it up, I would guess that your ldif should look more like this:
Code:

dn: o=litho, c=com
objectClass: organization
o: litho
description: litho

dn: cn=Manager, o=litho, c=com
objectClass: organizationalRole
cn: Manager
description: manager

and maybe you might want to add objectClass=dcObject to the first entry too? If I were doing it, I'd write it as such:
Code:

dn: dc=litho,dc=com
dc: litho
objectClass: dcObject
objectClass: organization
o: litho
description: litho

dc: cn=Manager, dc=litho, dc=com
objectClass: organizationalRole
cn: Manager
description: manager

Disclaimer: I'm fairly new myself to LDAP, so there might be some mistakes in there, but hopefully that should get you on the right track. A good site on the LDIF format can be found here at the Linux Documentation Project, and another good one here.

Hope that helps! :cool:

pdrobe 12-15-2005 08:50 AM

thanks but I do that and obtained the same error:

ldap_bind: Invalid credentials (49)

help me anyone................

Gato Azul 12-15-2005 11:15 AM

Quote:

Originally Posted by pdrobe
thanks but I do that and obtained the same error:

ldap_bind: Invalid credentials (49)

help me anyone................

Oh...sorry! I missed that part in your original post. If you're getting an Invalid credentials (49) error, then it's not a problem with your ldif file. It means either your administrative account isn't set up properly or your password isn't being accepted.

I noticed in your slapd.conf that you had this line:
Code:

rootpw secret
Most tutorials that I've seen show that, but don't explain that you need to change the secret part to an actual password, usually encrypted with the slappasswd command. So, I'm guessing that that might be your problem.

Here is the man page for slappasswd. An example usage would be:
Code:

slappasswd -h {CRYPT} -c '$2a$05$%.24s'
This will output a blowfish encrypted password, which you can then copy and paste into your slapd.conf file, replacing the word secret in the rootpw line.

Just as a general LDAP help for everyone, here are a couple good sites on LDAP error codes and what they mean:
http://web500gw.sourceforge.net/errors.html
http://www.directory-info.com/LDAP/LDAPErrorCodes.html

Also, a nice graphical interface to LDAP that I personally use and like is LDAP Browser. You can import ldifs, export a whole directory or portions of it to an ldif, modify entries, etc. It's written in Java, so it's portable, but sadly it appears to be unmaintained.

Anyway, I hope that helps! I know LDAP can be pretty frustrating at times since it's certainly not the most user-friendly piece of software out there, but...it gets better eventually, so keep up the good effort and it'll pay off! :cool:

pdrobe 12-15-2005 12:21 PM

I try that but the error is the same
I think the error is because dn is Invalid

collen 12-16-2005 06:49 AM

got the simmulair problem here, ldap_bind: Invalid credentials (49)
tried differend database backends,

ldbm gives back this error:
ber_get_next on fd 11 failed errno=11 (Resource temporarlily unavailable)

dbd gives back this error:
<= dbd_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found

both with the invalid credentials ..
tried, {CRYPT}, {SSH} and {PLAINTEXT} as passwordhash and rootpw.. no differance..

dunno what to do next...

Larz Collen

fouldsy 12-16-2005 07:08 AM

Try sticking "-d 255" on whilst doing an ldap search as this will display a load of debug stuff and report back on the problem in more detail. Authentication issues could be a number of things. Also, within /etc/hosts, make sure an entry exists for the server detailing it's FQDN. For example, you might have fatcontroller.homelinux.net, not just fatcontroller.homelinux.

collen 12-16-2005 07:58 AM

Quote:

Originally Posted by fouldsy
Try sticking "-d 255" on whilst doing an ldap search as this will display a load of debug stuff and report back on the problem in more detail. Authentication issues could be a number of things. Also, within /etc/hosts, make sure an entry exists for the server detailing it's FQDN. For example, you might have fatcontroller.homelinux.net, not just fatcontroller.homelinux.

- linux debian sarge
- openldap 2.2.26

No worry, the FQDN is there (the server is also a DNS-server)
all ldap things are issued localy, but the outcome is the same with the -h <FQDN>

debug level 255 gives alot of info,
ldap search is not giving anny errors back
ldapsearch -d 255 -h <FQDN> -x -b '' -s base '(objectclass=*)' namingContexts


ldapadd is however giving that:
ber_get_next on fd 11 failed errno=11 (Resource temporarlily unavailable)
<= dbd_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found


dunno there are files in the DB dir (/var/lib/ldap) and slap is runned by root so??

fouldsy 12-16-2005 09:26 AM

collen - please open a new thread with your problem. My suggestions (although still the same with your issue as a starting point to see what is wrong) were for the initial poster.

It's going to get confusing with two different people + two different problems in the same thread :)

collen 12-16-2005 09:43 AM

Quote:

Originally Posted by fouldsy
It's going to get confusing with two different people + two different problems in the same thread :)

hehe, hmm thought we had the same problem, read the first post.
same error, same os, same command is issued,same scheme.

same bug, only i posted some additional info regarding the debug info!

so what is the prob??

fouldsy 12-16-2005 12:29 PM

collen - It's not a bug, it's an incorrect configuration somewhere along the lines.

The problem is one person comes having tried something, needs another suggestion, an idea is offered, then the first comes back and posts afterwards, and you go round + round not knowing who's posting responses to what.

Try giving more info such as your ldap.conf + slapd.conf, whether you have enabled SSL connections, whether you're trying connecting on the same physical machine or a client, etc. I'd still urge to start a new thread with all this info being passed back + forth, but certainly keep an eye on this to see what solutions are suggested.

pdrobe - have you tried with extra debug statements to see if you have anything being reported as to where the failure is and check your hosts file? Although you're trying to add users first, you should at least have an empty schema setup which should report something with:
Code:

ldapsearch -D "cn=Manager,dc=genfic,dc=com" -W -d 255
obviously changing your dn settings.

lakhera2010 03-08-2010 08:06 AM

I just found the solution of this issue atleast in my case its working :)
I just comment out the nameserver line /etc/resolv.conf as i am using

suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"


As it trying to resolv example.com from external source and not from my pc.After that i am able to add OU/users.

[root@localhost ldif]# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f root.ldif
Enter LDAP Password:
adding new entry "dc=example,dc=com"

gopa 09-13-2012 02:41 AM

Invalid Credentials(49) for openLDAP
 
First we have create Organisation

Second Organisation Structurre

Third inetorgPerson
...........................................


We have to follow the above structure with proper spaces in all the structure.....

Ensure there are no spaces after every line in while writing the organisation, Org Structure and inetorgperson.


Hope it helps.

Regards,
Gopal Varma P


All times are GMT -5. The time now is 12:14 AM.