09-06-2011, 01:33 AM   #1
ldap SASL invalid credential


I am trying to set up an LDAP server by installing OpenLDAP on my Ubuntu Server 10.04. I managed to add data to the server. However, when I ran ldapsearch to check if it's working, I kept getting invalid credentials, as follows:

ldapsearch -b "ou=accounts,dc=example,dc=com" -h localhost "(cn=john*)"
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database

This error only occurs when I want to search for a particular user with his/her password. But it works fine, and I do not get any error messages, when doing an ldapsearch for the content of the LDAP server, for example: ldapsearch -xLLL -W -D "cn=admin,dc=example,dc=au" -b "dc=example,dc=au" "(objectclass=*)".

I then ran ldapsearch -D "cn=admin,dc=pbj,dc=com,dc=au" -W -d 255
Enter LDAP Password:
ldap_new_connection 1 1 0
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying ::1 389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful

It seems as if I use SASL bind when I believe I do not use it.

Here is what I have in my slapd.conf:

#allow bind_v2

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema

pidfile /var/run/slapd/

argsfile /var/run/slapd/slapd.args

loglevel none

modulepath /usr/lib/ldap
moduleload back_hdb

sizelimit 500

tool-threads 1

backend hdb

database hdb

suffix "dc=example,dc=com"

rootdn "cn=admin,dc=example,dc=com"
rootpw admin1221

directory "/var/lib/ldap"

dbconfig set_cachesize 0 2097152 0

dbconfig set_lk_max_lockers 1500

index objectClass eq

lastmod on

checkpoint 512 30

access to attrs=userPassword
        by dn="cn=dovecot,ou=accounts,dc=example,dc=com" read
        by anonymous auth

access to dn.base="" by * read

access to *
        by dn="cn=admin,dc=pbj,dc=com,dc=au" write
        by * read

Here is the data.ldif:
# LDAP admin
dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: secrets

dn: ou=accounts,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: accounts

dn: cn=dovecot,ou=accounts,dc=example,dc=com
objectClass: top
objectClass: person
cn: dovecot
sn: dovecot

dn: uid=john doe,ou=accounts,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: posixAccount
cn: John Doe
sn: Doe
uid: john doe
uidNumber: 1004
gidNumber: 1003
userPassword: jdoe777
homeDirectory: /home/jdoe

If it uses the SASL bind, how do I make the password in SASL? Sorry if this is a silly question, as I am quite new to this whole LDAP thing but really keen to learn it.

Any help is appreciated, and thank you.
09-06-2011, 03:12 AM   #2
Just use the -x option on ldapsearch for a simple bind.
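
Added example, not part of the original thread: a small shell function that reads an ldapsearch argument list and reports which bind the client will attempt, run over the three commands quoted above plus two constructed ones. The name bind_mode and its result labels are hypothetical; it assumes client tools built with SASL support, as the output in the first post shows.

```shell
#!/bin/sh
# Added example: report which bind an ldapsearch command line will attempt.
# bind_mode is a hypothetical helper; it only inspects arguments and never
# contacts a server. Assumes client tools built with SASL support, as the
# "SASL/DIGEST-MD5 authentication started" output in the thread shows.
bind_mode() {
    simple=0; binddn=""; uri=""; starttls=0
    OPTIND=1
    # Letters followed by ':' take a value; the leading ':' silences getopts.
    while getopts ":a:b:d:D:e:E:f:F:h:H:l:o:O:p:P:R:s:S:T:U:w:X:y:Y:z:ACcILMNnQtuvVWxZ" opt "$@"; do
        case "$opt" in
            x) simple=1 ;;                      # -x: simple bind instead of SASL
            D) binddn=$OPTARG ;;                # -D: DN to bind as
            H) uri=$OPTARG ;;                   # -H: server URI
            Z) starttls=$((starttls + 1)) ;;    # -Z / -ZZ: StartTLS
            \?|:) echo "unknown"; return 2 ;;
        esac
    done
    if [ "$simple" -eq 0 ]; then
        echo "sasl"              # no -x: -D/-W do not select a simple bind
    elif [ -z "$binddn" ]; then
        echo "anonymous"         # -x without -D: empty bind DN
    else
        case "$uri" in
            ldaps://*) echo "simple-tls"; return 0 ;;
        esac
        # Only -ZZ makes StartTLS mandatory; a single -Z carries on without
        # TLS if the operation fails, so the password may cross in cleartext.
        if [ "$starttls" -ge 2 ]; then
            echo "simple-tls"
        else
            echo "simple-cleartext"
        fi
    fi
}

# Commands 1-3 are the ones quoted in the thread; 4 and 5 are constructed.
bind_mode -b "ou=accounts,dc=example,dc=com" -h localhost "(cn=john*)"
bind_mode -xLLL -W -D "cn=admin,dc=example,dc=au" -b "dc=example,dc=au" "(objectclass=*)"
bind_mode -D "cn=admin,dc=pbj,dc=com,dc=au" -W -d 255
bind_mode -x -ZZ -W -D "cn=admin,dc=example,dc=com" -b "dc=example,dc=com"
bind_mode -x -b "dc=example,dc=com" "(objectclass=*)"
```

A simple-cleartext result means the bind password is sent unencrypted; requiring StartTLS with -ZZ or using an ldaps:// URI is what changes that.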

