LinuxQuestions.org


pdrobe 12-14-2005 06:35 PM

ldap_bind: Invalid credentials (49)
 
----- I have Debian Sarge and openLDAP
------ When I try to insert new entries:

#ldapadd -x -D "cn=Admin,o=litho,c=com" -W -f example.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

-------I think I have one error here:

#ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope base
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

------- because dn: is empty

----1) my slapd.conf




include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
schemacheck on
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd.args
loglevel 0

modulepath /usr/lib/ldap/
moduleload back_ldbm.so





backend ldbm


database ldbm
suffix "o=litho, c=com"
directory /var/lib/ldap
rootdn "cn=Admin,o=litho, c=com"
rootpw secret
index cn,sn,uid
index objectclass pres,eq
index default none

defaultaccess read
access to attr=userpassword
by self write
by dn="cn=Admin,o=litho, c=com" write
by * compare


-----my example.ldif


o=litho, c=com
objectClass=organization

o=litho
description=litho

cn=Manager, o=litho, c=com
objectClass=organizationalRole
cn=Manager
description= manager




thanks anyone..................

Gato Azul 12-14-2005 07:52 PM

A typical ldif might look like this:
Code:

# Root Organization
dn: dc=example,dc=com
dc: example
objectClass: dcObject
objectClass: organization
o: Example Inc

# Barbara's Entry
dn: cn=Barbara J Jensen, dc=example, dc=com
cn: Barbara J Jensen
objectClass: person
gn: Barbara
sn: Jensen

I can't say I've ever used the o=example,c=com format, but assuming it works the same way as using dc=, then you're missing the dn: prefix on the line for o=litho,c=com as well as on the cn=Manager, o=litho, c=com line. You should also change a lot of those equal signs to colons. So fixing it up, I would guess that your ldif should look more like this:
Code:

dn: o=litho, c=com
objectClass: organization
o: litho
description: litho

dn: cn=Manager, o=litho, c=com
objectClass: organizationalRole
cn: Manager
description: manager

and maybe you might want to add objectClass=dcObject to the first entry too? If I were doing it, I'd write it as such:
Code:

dn: dc=litho,dc=com
dc: litho
objectClass: dcObject
objectClass: organization
o: litho
description: litho

dn: cn=Manager, dc=litho, dc=com
objectClass: organizationalRole
cn: Manager
description: manager

Disclaimer: I'm fairly new myself to LDAP, so there might be some mistakes in there, but hopefully that should get you on the right track. A good site on the LDIF format can be found here at the Linux Documentation Project, and another good one here.

Hope that helps! :cool:

pdrobe 12-15-2005 08:50 AM

Thanks, but I did that and obtained the same error:

ldap_bind: Invalid credentials (49)

help me anyone................

Gato Azul 12-15-2005 11:15 AM

Quote:

Originally Posted by pdrobe
Thanks, but I did that and obtained the same error:

ldap_bind: Invalid credentials (49)

help me anyone................

Oh...sorry! I missed that part in your original post. If you're getting an Invalid credentials (49) error, then it's not a problem with your ldif file. It means either your administrative account isn't set up properly or your password isn't being accepted.

I noticed in your slapd.conf that you had this line:
Code:

rootpw secret

Most tutorials that I've seen show that, but don't explain that you need to change the secret part to an actual password, usually encrypted with the slappasswd command. So, I'm guessing that that might be your problem.

Here is the man page for slappasswd. An example usage would be:
Code:

slappasswd -h {CRYPT} -c '$2a$05$%.24s'

This will output a blowfish encrypted password, which you can then copy and paste into your slapd.conf file, replacing the word secret in the rootpw line.

Just as a general LDAP help for everyone, here are a couple good sites on LDAP error codes and what they mean:
http://web500gw.sourceforge.net/errors.html
http://www.directory-info.com/LDAP/LDAPErrorCodes.html

Also, a nice graphical interface to LDAP that I personally use and like is LDAP Browser. You can import ldifs, export a whole directory or portions of it to an ldif, modify entries, etc. It's written in Java, so it's portable, but sadly it appears to be unmaintained.

Anyway, I hope that helps! I know LDAP can be pretty frustrating at times since it's certainly not the most user-friendly piece of software out there, but...it gets better eventually, so keep up the good effort and it'll pay off! :cool:
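What a simple bind as the rootdn is compared against, as an added example that is not part of the thread: the bind DN against rootdn and the typed password against rootpw, stored either in cleartext or as {SSHA}, the scheme slappasswd uses by default. The helper names and the simplified DN normalization (no escaped commas, case-insensitive values) are assumptions of this example, and the hashed password is constructed.

```python
import base64, hashlib, hmac, os, re

# Constructed excerpt; the directive values are the ones shown in the first post.
SLAPD_CONF = 'suffix "o=litho, c=com"\nrootdn "cn=Admin,o=litho, c=com"\nrootpw secret\n'

def directive(conf, name):
    """Argument of a single-valued slapd.conf directive, quotes removed."""
    m = re.search(rf'^{name}[ \t]+"?([^"\n]*?)"?[ \t]*$', conf, re.M)
    return m.group(1) if m else None

def norm_dn(dn):
    # Simplified (assumption): no escaped commas, values compared case-insensitively.
    rdns = (rdn.split("=", 1) for rdn in dn.split(","))
    return ",".join("=".join(p.strip().lower() for p in rdn) for rdn in rdns)

def ssha(password, salt=None):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = salt or os.urandom(4)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def password_matches(stored, password):
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[6:])
        digest, salt = raw[:20], raw[20:]      # SHA-1 digest is 20 bytes, rest is salt
        return hmac.compare_digest(digest, hashlib.sha1(password.encode() + salt).digest())
    if stored.startswith("{"):
        raise ValueError("scheme not handled in this example")
    return hmac.compare_digest(stored.encode(), password.encode())  # cleartext rootpw

def explain_bind(conf, bind_dn, password):
    """List the reasons a rootdn bind would fail, plus a cleartext-rootpw warning."""
    rootdn, rootpw = directive(conf, "rootdn"), directive(conf, "rootpw")
    notes = []
    if norm_dn(bind_dn) != norm_dn(rootdn):
        notes.append("bind DN does not match rootdn")
    elif not password_matches(rootpw, password):
        notes.append("password does not match rootpw")
    if not rootpw.startswith("{"):
        notes.append("rootpw is stored in cleartext")
    return notes

if __name__ == "__main__":
    print(explain_bind(SLAPD_CONF, "cn=Admin,o=litho,c=com", "secret"))
```
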

pdrobe 12-15-2005 12:21 PM

I tried that, but the error is the same.
I think the error is because the dn is invalid.

collen 12-16-2005 06:49 AM

Got a similar problem here, ldap_bind: Invalid credentials (49)
Tried different database backends,

ldbm gives back this error:
ber_get_next on fd 11 failed errno=11 (Resource temporarlily unavailable)

dbd gives back this error:
<= dbd_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found

both with the invalid credentials ..
Tried {CRYPT}, {SSH} and {PLAINTEXT} as password hash and rootpw.. no difference..

dunno what to do next...

Larz Collen

fouldsy 12-16-2005 07:08 AM

Try sticking "-d 255" on whilst doing an ldap search as this will display a load of debug stuff and report back on the problem in more detail. Authentication issues could be a number of things. Also, within /etc/hosts, make sure an entry exists for the server detailing its FQDN. For example, you might have fatcontroller.homelinux.net, not just fatcontroller.homelinux.

collen 12-16-2005 07:58 AM

Quote:

Originally Posted by fouldsy
Try sticking "-d 255" on whilst doing an ldap search as this will display a load of debug stuff and report back on the problem in more detail. Authentication issues could be a number of things. Also, within /etc/hosts, make sure an entry exists for the server detailing its FQDN. For example, you might have fatcontroller.homelinux.net, not just fatcontroller.homelinux.

- linux debian sarge
- openldap 2.2.26

No worry, the FQDN is there (the server is also a DNS-server)
All ldap things are issued locally, but the outcome is the same with the -h <FQDN>

Debug level 255 gives a lot of info,
ldap search is not giving any errors back
ldapsearch -d 255 -h <FQDN> -x -b '' -s base '(objectclass=*)' namingContexts


ldapadd is however giving that:
ber_get_next on fd 11 failed errno=11 (Resource temporarlily unavailable)
<= dbd_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found


Dunno, there are files in the DB dir (/var/lib/ldap) and slap is run by root, so??

fouldsy 12-16-2005 09:26 AM

collen - please open a new thread with your problem. My suggestions (although still the same with your issue as a starting point to see what is wrong) were for the initial poster.

It's going to get confusing with two different people + two different problems in the same thread :)

collen 12-16-2005 09:43 AM

Quote:

Originally Posted by fouldsy
It's going to get confusing with two different people + two different problems in the same thread :)

hehe, hmm thought we had the same problem, read the first post.
Same error, same OS, same command is issued, same scheme.

Same bug, only I posted some additional info regarding the debug info!

so what is the prob??

fouldsy 12-16-2005 12:29 PM

collen - It's not a bug, it's an incorrect configuration somewhere along the lines.

The problem is one person comes having tried something, needs another suggestion, an idea is offered, then the first comes back and posts afterwards, and you go round + round not knowing who's posting responses to what.

Try giving more info such as your ldap.conf + slapd.conf, whether you have enabled SSL connections, whether you're trying connecting on the same physical machine or a client, etc. I'd still urge to start a new thread with all this info being passed back + forth, but certainly keep an eye on this to see what solutions are suggested.

pdrobe - have you tried with extra debug statements to see if you have anything being reported as to where the failure is and check your hosts file? Although you're trying to add users first, you should at least have an empty schema setup which should report something with:
Code:

ldapsearch -D "cn=Manager,dc=genfic,dc=com" -W -d 255

obviously changing your dn settings.

lakhera2010 03-08-2010 08:06 AM

I just found the solution to this issue; at least in my case it's working :)
I just commented out the nameserver line in /etc/resolv.conf, as I am using

suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"


It was trying to resolve example.com from an external source and not from my PC. After that I am able to add OU/users.

[root@localhost ldif]# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f root.ldif
Enter LDAP Password:
adding new entry "dc=example,dc=com"

gopa 09-13-2012 02:41 AM

Invalid Credentials(49) for openLDAP
 
First we have to create the Organisation

Second, the Organisation Structure

Third, inetorgPerson
...........................................


We have to follow the above structure with proper spaces in all the structure.....

Ensure there are no spaces after every line while writing the organisation, Org Structure and inetorgperson.


Hope it helps.

Regards,
Gopal Varma P
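A small checker for the LDIF mistakes raised in this thread (records that do not start with dn:, attribute=value written with an equals sign, stray spaces at line ends or in separator lines), as an added example that is not part of any post. The function name and messages are assumptions of this example; the sample strings are constructed copies of the LDIF from the first post and of the corrected form given in the first reply.

```python
import re

ATTR = re.compile(r"^([A-Za-z0-9][A-Za-z0-9.;-]*):")

# Constructed samples: the original LDIF, the corrected one, and the corrected
# one with a trailing space on line 3 and a space in the separator line.
ORIGINAL = "o=litho, c=com\nobjectClass=organization\n\no=litho\ndescription=litho\n"
CORRECTED = ("dn: o=litho, c=com\nobjectClass: organization\no: litho\n"
             "description: litho\n\n"
             "dn: cn=Manager, o=litho, c=com\nobjectClass: organizationalRole\n"
             "cn: Manager\ndescription: manager\n")
SPACED = CORRECTED.replace("o: litho\n", "o: litho \n", 1).replace("\n\n", "\n \n")

def lint_ldif(text):
    """Return (line number, problem) pairs for common LDIF formatting mistakes."""
    problems = []
    record_start = True
    for n, line in enumerate(text.split("\n"), 1):
        if line == "":
            record_start = True            # only a truly empty line ends a record
            continue
        if line.startswith("#"):
            continue                       # comment line
        if line.strip() == "":
            problems.append((n, "separator line contains whitespace"))
            continue
        if line != line.rstrip():
            problems.append((n, "trailing whitespace"))
        if line.startswith(" "):
            continue                       # continuation of the previous line
        m = ATTR.match(line)
        name = m.group(1).lower() if m else None
        if name == "version":
            continue
        if record_start and name != "dn":
            problems.append((n, "record must start with 'dn:'"))
        elif m is None:
            problems.append((n, "expected 'attribute: value'"))
        record_start = False
    return problems

if __name__ == "__main__":
    for sample in (ORIGINAL, CORRECTED, SPACED):
        print(lint_ldif(sample))
```
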


All times are GMT -5.