01-03-2011, 06:15 AM
|
#1
|
Member
Registered: Sep 2010
Location: India
Distribution: Ubuntu
Posts: 39
Rep:
|
openldap ldap_bind: Invalid credentials (49)
I was trying to learn OpenLDAP on Ubuntu 9.04.
Code:
# slapd.conf - Configuration file for LDAP SLAPD
##########
# Basics #
##########
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel none
modulepath /usr/lib/ldap
# modulepath /usr/local/libexec/openldap
moduleload back_hdb
##########################
# Database Configuration #
##########################
database hdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /var/lib/ldap
# directory /usr/local/var/openldap-data
index objectClass,cn eq
########
# ACLs #
########
access to attrs=userPassword
    by anonymous auth
    by self write
    by * none
access to *
    by self write
    by * none
My ldap.conf is
Code:
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
# LDAP Client Settings
URI ldap://localhost
BASE dc=example,dc=com
BINDDN cn=Manager,dc=example,dc=com
SIZELIMIT 0
TIMELIMIT 0
Then I tested my configuration using
Code:
sudo slaptest -v -f slapd.conf
which was ok.
Then I restarted the OpenLDAP server using
Code:
sudo invoke-rc.d slapd restart
Then I tried the following command
Code:
ldapsearch -x -W -D 'cn=Manager,dc=example,dc=com' -b "" -s base
I get the following prompt
Enter LDAP Password:
I entered secret
but I get the following error
ldap_bind: Invalid credentials (49)
Please help
Last edited by sanjaydelhi; 01-03-2011 at 06:17 AM.
|
|
|
01-03-2011, 06:37 AM
|
#2
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
Use the slappasswd tool to get an encrypted password and replace the plaintext one with that, e.g. "rootpw {SSHA}W0CjkdAxj7ziBcG37+Bog2zf1bIf2GrA"
|
|
1 members found this post helpful.
|
01-03-2011, 08:24 AM
|
#3
|
Member
Registered: Sep 2010
Location: India
Distribution: Ubuntu
Posts: 39
Original Poster
Rep:
|
I tried; not working
{SSHA}EN3+ZmSaaZSb5ndB9FlDLzs+fM2Sc2lL
|
|
|
01-03-2011, 09:12 AM
|
#4
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
What does the server log say about the attempt?
|
|
1 members found this post helpful.
|
01-03-2011, 01:56 PM
|
#5
|
Member
Registered: Sep 2010
Location: India
Distribution: Ubuntu
Posts: 39
Original Poster
Rep:
|
Well thanks for trying to help.
I tried to look into /var/log/syslog. But I could not find anything useful with respect to slapd.
So I tried something different.
I killed the process using
Code:
sudo kill `pgrep slapd`
Then I started the server manually in the first shell, at trace level, to print all messages in the foreground using
Code:
sudo slapd -d Trace
It printed a lot of messages in the process of startup. But I don't think there is a problem in startup.
After that I entered the following search command in the second shell
Code:
ldapsearch -x -W -D 'cn=Manager,dc=example,dc=com' -b "" -s base
I got the following messages in the first shell, where I had started slapd manually at trace level.
Code:
slapd startup: initiated.
backend_startup_one: starting "cn=config"
config_back_db_open
backend_startup_one: starting "dc=nodomain"
hdb_db_open: database "dc=nodomain": dbenv_open(/var/lib/ldap).
slapd starting
slap_listener_activate(8):
>>> slap_listener(ldap:///)
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 46 contents:
ber_get_next
conn=0 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <cn=Manager,dc=example,dc=com>
<<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>, <cn=manager,dc=example,dc=com>
do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=49
ber_flush2: 14 bytes to sd 13
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
ber_get_next on fd 13 failed errno=0 (Success)
connection_close: conn=0 sd=13
|
|
|
01-03-2011, 02:08 PM
|
#6
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
Where is dc=nodomain coming from? I'm not that used to slapd logs, but there's no reference to loading your "example" domain at all... are you configuring the wrong slapd.conf file or something like that?
Btw, afaik slapd should log to /var/log/ldap.log or similar.
|
|
1 members found this post helpful.
|
01-03-2011, 02:16 PM
|
#7
|
Member
Registered: Sep 2010
Location: India
Distribution: Ubuntu
Posts: 39
Original Poster
Rep:
|
I had exactly the same doubt.
I searched
sudo find / -name 'slapd.conf'
and I got only one, which is the one I am using.
/etc/ldap/slapd.conf
|
|
|
01-03-2011, 02:30 PM
|
#8
|
Member
Registered: Sep 2010
Location: India
Distribution: Ubuntu
Posts: 39
Original Poster
Rep:
|
I did it :-)
sudo slapd -f /etc/ldap/slapd.conf -d config
With the -f option, I specified the file and it worked. I doubt it could not find my configuration file slapd.conf, so it started the server with the default configuration. But when I provided the file with the -f option, it worked.
Thank you very much for the help.
|
|
1 members found this post helpful.
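Added example, not part of the thread and not OpenLDAP's own tooling: the diagnosis above comes down to noticing that none of the databases slapd reported starting covers the bind DN. The sketch below automates that check over slapd debug output; the function names are hypothetical and the sample is a subset of the trace lines from post #5.

```shell
#!/bin/sh
# Added example (not from the thread): does any database slapd opened
# cover the DN being used for the bind?

# Constructed sample: a subset of the trace lines quoted in post #5.
sample_trace() {
cat <<'EOF'
slapd startup: initiated.
backend_startup_one: starting "cn=config"
config_back_db_open
backend_startup_one: starting "dc=nodomain"
hdb_db_open: database "dc=nodomain": dbenv_open(/var/lib/ldap).
slapd starting
do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128
send_ldap_response: msgid=1 tag=97 err=49
EOF
}

# Read slapd debug output on stdin, print each suffix it reported starting.
loaded_suffixes() {
    sed -n 's/.*backend_startup_one: starting "\([^"]*\)".*/\1/p'
}

# Simplified DN normalisation (assumption: lowercasing and stripping spaces
# around commas is enough to compare these DNs).
normalize_dn() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' |
        sed 's/[[:space:]]*,[[:space:]]*/,/g'
}

# suffix_for_dn BIND_DN, trace on stdin: print the loaded suffix that
# contains BIND_DN and return 0; return 1 when none does.
suffix_for_dn() {
    dn=$(normalize_dn "$1")
    suffixes=$(loaded_suffixes)
    while IFS= read -r suffix; do
        [ -n "$suffix" ] || continue
        s=$(normalize_dn "$suffix")
        case "$dn" in
            "$s"|*,"$s") printf '%s\n' "$suffix"; return 0 ;;
        esac
    done <<EOF
$suffixes
EOF
    return 1
}

bind_dn='cn=Manager,dc=example,dc=com'
if hit=$(sample_trace | suffix_for_dn "$bind_dn"); then
    echo "OK: $bind_dn is under loaded suffix $hit"
else
    echo "MISMATCH: no loaded database covers $bind_dn"
fi
```

slapd writes its -d output to stderr, so redirect stderr to a file and feed that file to `suffix_for_dn` in place of `sample_trace`.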
|
03-14-2011, 09:21 PM
|
#9
|
LQ Newbie
Registered: Mar 2011
Posts: 1
Rep:
|
I have exactly the same problem, however I could not solve it. Please, sanjaydelhi, if you can spare some time then kindly help me out with how to resolve this.
Cheers,
|
|
|
03-16-2011, 10:29 AM
|
#10
|
Member
Registered: Sep 2010
Location: India
Distribution: Ubuntu
Posts: 39
Original Poster
Rep:
|
Oh, I came to LQ after a long time.
Right now I am not doing R&D on OpenLDAP. But I installed OpenLDAP on Ubuntu 10.10 multiple times and ran it with the method I just described above. In Ubuntu 10.10, after installing OpenLDAP through the package installer, you will have to manually add a few files to your OpenLDAP installation. The location of the files you will have to find out because I have forgotten now. Otherwise install OpenLDAP on Ubuntu 9.04. It works okay in Ubuntu 9.04.
Good luck.
[Edit]
I tried to attach a file, but it looks like zip files are not allowed, so I will write the names of those files here
id2entry.bdb
dn2id.bdb
DB_CONFIG
Note that I did not find OpenLDAP document sufficient.
Last edited by sanjaydelhi; 03-16-2011 at 10:36 AM.
|
|
|