Old 09-06-2011, 01:33 AM   #1
said76
ldap SASL invalid credential


Hi,

I am trying to set up an LDAP server by installing OpenLDAP on my Ubuntu Server 10.04. I managed to add data to the server. However, when I ran ldapsearch to check whether it was working, I kept getting invalid credentials, as follows:

ldapsearch -b "ou=accounts,dc=example,dc=com" -h localhost "(cn=john*)"
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database

This error only occurs if I want to search for a particular user with his/her password. But it works fine and I do not get any error messages when doing ldapsearch for the content in the LDAP server, for example:

ldapsearch -xLLL -W -D "cn=admin,dc=example,dc=au" -b "dc=example,dc=au" "(objectclass=*)"

I then ran:

ldapsearch -D "cn=admin,dc=pbj,dc=com,dc=au" -W -d 255
ldap_create
Enter LDAP Password:
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying ::1 389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request

It seems as if I use SASL bind when I believe I do not use it.

Here is what I have in my slapd.conf

#allow bind_v2

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema

pidfile /var/run/slapd/slapd.pid

argsfile /var/run/slapd/slapd.args

loglevel none

modulepath /usr/lib/ldap
moduleload back_hdb

sizelimit 500

tool-threads 1

backend hdb

database hdb

suffix "dc=example,dc=com"

rootdn "cn=admin,dc=example,dc=com"
rootpw admin1221

directory "/var/lib/ldap"

dbconfig set_cachesize 0 2097152 0

dbconfig set_lk_max_lockers 1500

index objectClass eq

lastmod on

checkpoint 512 30

access to attrs=userPassword
        by dn="cn=dovecot,ou=accounts,dc=example,dc=com" read
        by anonymous auth

access to dn.base="" by * read

access to *
        by dn="cn=admin,dc=pbj,dc=com,dc=au" write
        by * read

Here is the data.ldif
# LDAP admin
dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: secrets

dn: ou=accounts,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: accounts

dn: cn=dovecot,ou=accounts,dc=example,dc=com
objectClass: top
objectClass: person
cn: dovecot
sn: dovecot

dn: uid=john doe,ou=accounts,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: posixAccount
cn: John Doe
sn: Doe
uid: john doe
uidNumber: 1004
gidNumber: 1003
userPassword: jdoe777
homeDirectory: /home/jdoe

If it uses the SASL bind, how do I make the password in SASL? Sorry if I ask this silly question as I am quite new to this whole LDAP but really keen to learn it.

Any help is appreciated and thank you
 
Old 09-06-2011, 03:12 AM   #2
acid_kewpie
Just use the -x option on ldapsearch for a simple bind.
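
Why the commands in this thread bind differently, as an added example that is not part of either post: ldapsearch starts a SASL bind unless -x is given, and a simple bind with -x carries the password as-is unless the connection is protected by TLS. The classify_bind helper is hypothetical, reads only the command line (it assumes no defaults from ldap.conf), and the fourth sample command is constructed.

```python
import getopt
import shlex

# ldapsearch(1) options: plain flags, then the options that take a value.
OPTSTRING = "xWZLnvcutAMIQNV" + "".join(
    c + ":" for c in "bDhHpswyYlzaSfFdoOUXRTeEP")

def classify_bind(command):
    """Return (bind_type, warnings) for one ldapsearch command line."""
    opts, _rest = getopt.getopt(shlex.split(command)[1:], OPTSTRING)
    flags = [name for name, _ in opts]
    values = dict(opts)
    warnings = []
    if "-x" not in flags:
        # No -x: the client starts a SASL bind, as seen in the first post.
        if "-D" in values:
            warnings.append("server is expected to ignore -D for SASL binds; "
                            "add -x to bind as this DN")
        return "sasl", warnings
    if "-D" not in values:
        return "anonymous", warnings
    # Assumption: no URI or TLS defaults come from ldap.conf.
    uri = values.get("-H", "ldap://" + values.get("-h", "localhost"))
    protected = (uri.startswith(("ldaps://", "ldapi://"))
                 or flags.count("-Z") >= 2)  # -ZZ requires StartTLS to succeed
    if not protected:
        warnings.append("simple bind sends the password unencrypted; "
                        "use -ZZ or ldaps://")
    if "-w" in values:
        warnings.append("-w puts the password on the command line; use -W or -y")
    return "simple", warnings

# Commands 1-3 are from the thread; command 4 is constructed for comparison.
SAMPLES = [
    'ldapsearch -b "ou=accounts,dc=example,dc=com" -h localhost "(cn=john*)"',
    'ldapsearch -xLLL -W -D "cn=admin,dc=example,dc=au" -b "dc=example,dc=au" "(objectclass=*)"',
    'ldapsearch -D "cn=admin,dc=pbj,dc=com,dc=au" -W -d 255',
    'ldapsearch -x -ZZ -W -D "cn=admin,dc=example,dc=com" -H ldap://localhost -b "dc=example,dc=com"',
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        kind, notes = classify_bind(cmd)
        print(kind, "|", cmd)
        for note in notes:
            print("   warning:", note)
```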
 
  

