LinuxQuestions.org


Volcano 11-14-2017 12:50 AM

Invalid credentials error
 
I have installed OpenLDAP 2.4.31.

$ sudo slapcat -n0

I get the following print in console

......................................
olcRootDN: cn=admin,dc=nodomain
.............................
.........................

olcRootPW:: e1NTSEF9akhVUWl3U2psMys3MTFjZVFoK3hFWEpVdy93dzVTa3c=
............................................


Now when I try to add an LDIF file with the command below, I get an error:

ldapadd -D "cn=Manager,dc=example,dc=com" -w password@123 -f /home/tintin/ldif


I get this error:

ldap_bind: Invalid credentials (49)


What is the issue? How do I fix this?

bathory 11-14-2017 02:52 AM

Hi,
Quote:

I get the following print in console

olcRootDN: cn=admin,dc=nodomain
From your post it looks like the admin DN is: cn=admin,dc=nodomain. So you have to use:
Code:

ldapadd -D "cn=admin,dc=nodomain" -w password@123 -f /home/tintin/ldif
If you still get the same error, then you are giving the wrong password. In this case, use your favorite search engine to find out how to reset the OpenLDAP admin password for your distro.


Regards

Volcano 11-14-2017 03:41 AM

Quote:

Originally Posted by bathory (Post 5780498)
Hi,

From your post it looks like the admin DN is: cn=admin,dc=nodomain. So you have to use:
Code:

ldapadd -D "cn=admin,dc=nodomain" -w password@123 -f /home/tintin/ldif
If you still get the same error, then you are giving the wrong password. In this case, use your favorite search engine to find out how to reset the OpenLDAP admin password for your distro.


Regards

Okay... now I ran your command... I get this:

$ sudo ldapadd -D "cn=admin,dc=nodomain" -w password@123 -f /home/tintin/ldif

adding new entry "dc=example,dc=com"
ldap_add: Server is unwilling to perform (53)
additional info: no global superior knowledge



ldif
-----------

dn: dc=example,dc=com
dc: example
description: My wonderful company
objectClass: dcObject
objectClass: organization
o: Example, Inc.



dn: ou=people, dc=example,dc=com
ou: people
description: All people in organisation
objectclass: organizationalunit



dn: cn=Robert Smith,ou=people,dc=example,dc=com
objectclass: inetOrgPerson
cn: Robert Smith
cn: Robert J Smith
cn: bob smith
sn: smith
uid: rjsmith
userpassword: rJsmitH
carlicense: HISCAR 123
homephone: 555-111-2222
mail: r.smith@example.com
mail: rsmith@example.com
mail: bob.smith@example.com
description: swell guy
ou: Human Resources

What is the issue here? Is there any fix for this?

bathory 11-14-2017 05:08 AM

Quote:

$ sudo ldapadd -D "cn=admin,dc=nodomain" -w password@123 -f /home/tintin/ldif

adding new entry "dc=example,dc=com"
ldap_add: Server is unwilling to perform (53)
additional info: no global superior knowledge
Without more info, I can only guess that you're trying to add the DIT "dc=example,dc=com" to your LDAP, while it's not aware of that.
Your DIT is most likely "dc=nodomain", so replace any occurrences of "dc=example,dc=com" with "dc=nodomain" in the LDIF you want to add to LDAP.
You also need to remove the initial "dn: dc=nodomain", as it should already have been added during the installation/reconfiguration of LDAP.
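
The two failures diagnosed so far (error 49 from binding as a DN that is not the olcRootDN, error 53 from adding entries outside the configured suffix) can be predicted offline by comparing the `slapcat -n0` output with the LDIF. The Python below is an added example, not part of the original posts; the function names and sample strings are constructed, it assumes the elided `slapcat -n0` output contains an `olcSuffix` line and that the suffix entry already exists, and it goes one step further by flagging entries whose parent is missing (error 32).

```python
import re

def norm_dn(dn):
    """Lower-case a DN and trim spaces around RDNs (simplified: no multi-valued RDNs)."""
    return ",".join(p.strip().lower() for p in re.split(r"(?<!\\),", dn))

def attr_values(ldif_text, attr):
    """Values of plain 'attr: value' lines; base64 'attr:: ...' lines are skipped."""
    pat = re.compile(rf"^{re.escape(attr)}:(?!:)[ \t]*(.+)$", re.I | re.M)
    return [m.group(1).strip() for m in pat.finditer(ldif_text)]

def preflight(config_ldif, bind_dn, data_ldif):
    """Return (ldap_result_code, dn) pairs predicting the errors seen in the thread."""
    findings = []
    root_dns = {norm_dn(v) for v in attr_values(config_ldif, "olcRootDN")}
    suffixes = [norm_dn(v) for v in attr_values(config_ldif, "olcSuffix")]
    if norm_dn(bind_dn) not in root_dns:
        findings.append((49, bind_dn))   # not the rootDN: bind is likely to fail
    known = set(suffixes)                # assumption: suffix entries already exist
    for raw in attr_values(data_ldif, "dn"):
        dn = norm_dn(raw)
        if not any(dn == s or dn.endswith("," + s) for s in suffixes):
            findings.append((53, raw))   # outside every suffix: "no global superior knowledge"
            continue
        parent = re.split(r"(?<!\\),", dn, maxsplit=1)[1:]
        if dn not in known and parent and parent[0] not in known:
            findings.append((32, raw))   # parent entry missing: "No such object"
        known.add(dn)
    return findings

# Constructed sample input modelled on the thread (not real server output).
CONFIG = "olcSuffix: dc=nodomain\nolcRootDN: cn=admin,dc=nodomain\n"
ORIGINAL_LDIF = ("dn: dc=example,dc=com\ndc: example\n\n"
                 "dn: ou=people, dc=example,dc=com\nou: people\n")
FIXED_LDIF = ("dn: ou=people, dc=nodomain\nou: people\n\n"
              "dn: uid=rjsmith,ou=staff,dc=nodomain\nuid: rjsmith\n")

if __name__ == "__main__":
    print(preflight(CONFIG, "cn=Manager,dc=example,dc=com", ORIGINAL_LDIF))
    print(preflight(CONFIG, "cn=admin,dc=nodomain", FIXED_LDIF))
```

Unlike `ldapadd` without `-c`, which stops at the first failing entry, this reports every entry that would fail.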

Volcano 11-15-2017 03:57 AM

1 Attachment(s)
Quote:

Originally Posted by bathory (Post 5780518)
Without more info, I can only guess that you're trying to add the DIT "dc=example,dc=com" to your LDAP, while it's not aware of that.
Your DIT is most likely "dc=nodomain", so replace any occurrences of "dc=example,dc=com" with "dc=nodomain" in the LDIF you want to add to LDAP.
You also need to remove the initial "dn: dc=nodomain", as it should already have been added during the installation/reconfiguration of LDAP.

Okay. I have made the changes... please find the directory structure attached.


But it does not show the homephone number and other details when I do a base search:

$ ldapsearch -x -b "uid=skdas,cn=S K Das,ou=people,dc=nodomain"

# extended LDIF
#
# LDAPv3
# base <uid=skdas,cn=S K Das,ou=people,dc=nodomain> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object
matchedDN: cn=S K Das,ou=people,dc=nodomain

# numResponses: 1

bathory 11-15-2017 06:10 AM

Quote:

...but it does not show the homephone number and other details when I do a base search
Of course it doesn't, as you're looking for a non-existent entry:
Quote:

$ ldapsearch -x -b "uid=skdas,cn=S K Das,ou=people,dc=nodomain"
<snip>
result: 32 No such object
matchedDN: cn=S K Das,ou=people,dc=nodomain

# numResponses: 1
The correct searches should be:
Code:

ldapsearch -x -b "cn=S K Das,ou=people,dc=nodomain"
and/or
ldapsearch -x -b "ou=people,dc=nodomain"  "(uid=skdas)"

I suggest you start reading this e-book if you want to use LDAP.

Regards


All times are GMT -5.