LinuxQuestions.org
Old 01-03-2011, 06:15 AM   #1
sanjaydelhi
Member
 
Registered: Sep 2010
Location: India
Distribution: Ubuntu
Posts: 39

Rep: Reputation: 2
openldap ldap_bind: Invalid credentials (49)


I was trying to learn OpenLDAP on Ubuntu 9.04.


Code:
# slapd.conf - Configuration file for LDAP SLAPD
##########
# Basics #
##########
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel none
modulepath /usr/lib/ldap
# modulepath /usr/local/libexec/openldap
moduleload back_hdb
##########################
# Database Configuration #
##########################
database hdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /var/lib/ldap
# directory /usr/local/var/openldap-data
index objectClass,cn eq
########
# ACLs #
########
access to attrs=userPassword
       by anonymous auth
       by self write
       by * none
access to *
       by self write
       by * none
My ldap.conf is

Code:
# This file should be world readable but not world writable.

#BASE	dc=example,dc=com
#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT	12
#TIMELIMIT	15
#DEREF		never

# LDAP Client Settings
URI ldap://localhost
BASE dc=example,dc=com
BINDDN cn=Manager,dc=example,dc=com
SIZELIMIT 0
TIMELIMIT 0

Then I tested my configuration using

Code:
sudo slaptest -v -f slapd.conf
which was ok.

Then I restarted the OpenLDAP server using

Code:
sudo invoke-rc.d slapd restart

Then I tried the following command

Code:
ldapsearch -x -W -D 'cn=Manager,dc=example,dc=com' -b "" -s base

I get the following prompt

Enter LDAP Password:

I entered secret

but I get the following error


ldap_bind: Invalid credentials (49)


Please help

Last edited by sanjaydelhi; 01-03-2011 at 06:17 AM.
 
Old 01-03-2011, 06:37 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
Use the slappasswd tool to get an encrypted password and replace the plaintext one with that, e.g. "rootpw {SSHA}W0CjkdAxj7ziBcG37+Bog2zf1bIf2GrA"
 
1 members found this post helpful.
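Added example (not part of any post in this thread): a way to check offline whether the password typed at the prompt matches the rootpw line in the slapd.conf being edited, which separates a bad hash from slapd reading a different configuration. It assumes the {SSHA} layout base64(SHA1(password + salt) + salt); the function names and the sample fragment are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os


def make_ssha(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt  # 4-byte salt chosen for this example
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def check_ssha(password, value):
    """True if password hashes to the given {SSHA} value."""
    if not value.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[len("{SSHA}"):], validate=True)
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes; the rest is salt
    if len(digest) < 20 or not salt:
        raise ValueError("truncated {SSHA} value")
    expected = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(expected, digest)


def rootpw_from_conf(conf_text):
    """Return the value of the first rootpw directive, or None."""
    for line in conf_text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and fields[0] == "rootpw":
            return fields[1].strip().strip('"')
    return None


def rootpw_matches(conf_text, candidate):
    """Check a typed password against rootpw, cleartext or {SSHA}."""
    value = rootpw_from_conf(conf_text)
    if value is None:
        return False
    if value.startswith("{SSHA}"):
        return check_ssha(candidate, value)
    if value.startswith("{"):
        raise ValueError("scheme not handled in this example")
    return hmac.compare_digest(value.encode(), candidate.encode())


if __name__ == "__main__":
    # Constructed slapd.conf fragment; the hash is generated here, not taken from the thread.
    conf = 'rootdn "cn=Manager,dc=example,dc=com"\nrootpw ' + make_ssha("secret") + "\n"
    print(rootpw_matches(conf, "secret"), rootpw_matches(conf, "wrong"))
```

If the check passes against the file on disk and the bind still returns error 49, the running slapd is not using that rootpw.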
Old 01-03-2011, 08:24 AM   #3
sanjaydelhi
Member
 
Registered: Sep 2010
Location: India
Distribution: Ubuntu
Posts: 39

Original Poster
Rep: Reputation: 2
I tried it, but it is not working.

{SSHA}EN3+ZmSaaZSb5ndB9FlDLzs+fM2Sc2lL
 
Old 01-03-2011, 09:12 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
What does the server log say about the attempt?
 
1 members found this post helpful.
Old 01-03-2011, 01:56 PM   #5
sanjaydelhi
Member
 
Registered: Sep 2010
Location: India
Distribution: Ubuntu
Posts: 39

Original Poster
Rep: Reputation: 2
Well, thanks for trying to help.

I tried to look into /var/log/syslog, but I could not find anything useful with respect to slapd.

So I tried something different.

I killed the process using

Code:
sudo kill `pgrep slapd`
Then I started the server manually in the first shell at trace level, to print all messages in the foreground, using

Code:
sudo slapd -d Trace
It printed a lot of messages in the process of startup. But I don't think there is a problem in startup.

After that I entered the following search command in the second shell

Code:
ldapsearch -x -W -D 'cn=Manager,dc=example,dc=com' -b "" -s base
I got the following messages in the first shell, where I had started slapd manually at trace level.

Code:
slapd startup: initiated.
backend_startup_one: starting "cn=config"
config_back_db_open
backend_startup_one: starting "dc=nodomain"
hdb_db_open: database "dc=nodomain": dbenv_open(/var/lib/ldap).
slapd starting
slap_listener_activate(8): 
>>> slap_listener(ldap:///)
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 46 contents:
ber_get_next
conn=0 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <cn=Manager,dc=example,dc=com>
<<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>, <cn=manager,dc=example,dc=com>
do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=49
ber_flush2: 14 bytes to sd 13
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
ber_get_next on fd 13 failed errno=0 (Success)
connection_close: conn=0 sd=13
 
Old 01-03-2011, 02:08 PM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
Where is dc=nodomain coming from? I'm not that used to slapd logs, but there's no reference to loading your "example" domain at all... Are you configuring the wrong slapd.conf file or something like that?

btw, afaik slapd should log to /var/log/ldap.log or similar.
 
1 members found this post helpful.
Old 01-03-2011, 02:16 PM   #7
sanjaydelhi
Member
 
Registered: Sep 2010
Location: India
Distribution: Ubuntu
Posts: 39

Original Poster
Rep: Reputation: 2
I had exactly the same doubt.

I searched

sudo find / -name 'slapd.conf'


and I got only one, which is the one I am using.

/etc/ldap/slapd.conf
 
Old 01-03-2011, 02:30 PM   #8
sanjaydelhi
Member
 
Registered: Sep 2010
Location: India
Distribution: Ubuntu
Posts: 39

Original Poster
Rep: Reputation: 2
I did it :-)


sudo slapd -f /etc/ldap/slapd.conf -d config


With the -f option, I specified the file and it worked. I doubt it could not find my configuration file slapd.conf, so it started the server with the default configuration. But when I provided the file with the -f option, it worked.


Thank you very much for the help.
 
1 members found this post helpful.
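Added example (not part of any post in this thread): the check the posters did by eye on the trace output, comparing the suffixes slapd started against the DN of a bind that failed with err=49. The sample lines are a constructed excerpt of the trace in post #5; the function names and the "cause" wording are this example's own.

```python
import re

# Constructed sample: the relevant lines of the trace output quoted in post #5.
SAMPLE_TRACE = """\
backend_startup_one: starting "cn=config"
backend_startup_one: starting "dc=nodomain"
hdb_db_open: database "dc=nodomain": dbenv_open(/var/lib/ldap).
do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128
send_ldap_response: msgid=1 tag=97 err=49
"""

STARTED = re.compile(r'backend_startup_one: starting "([^"]*)"')
BIND = re.compile(r'do_bind: version=\d+ dn="([^"]*)" method=\d+')
# tag=97 (0x61) is the LDAP BindResponse; err=49 is invalidCredentials.
BIND_RESULT = re.compile(r"send_ldap_response: msgid=\d+ tag=97 err=(\d+)")


def normalize(dn):
    """Lower-case a DN and trim each RDN (simplified: no escaped commas)."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))


def under_suffix(dn, suffix):
    """True if dn equals suffix or sits below it in the tree."""
    dn, suffix = normalize(dn), normalize(suffix)
    return dn == suffix or dn.endswith("," + suffix)


def diagnose(trace):
    """Return one finding per bind that failed with err=49."""
    suffixes, findings, bind_dn = [], [], None
    for line in trace.splitlines():
        if m := STARTED.search(line):
            suffixes.append(m.group(1))
        elif m := BIND.search(line):
            bind_dn = m.group(1)
        elif (m := BIND_RESULT.search(line)) and bind_dn is not None:
            if m.group(1) == "49":
                served = any(under_suffix(bind_dn, s) for s in suffixes)
                findings.append({
                    "bind_dn": bind_dn,
                    "loaded_suffixes": list(suffixes),
                    "cause": "check rootpw" if served
                             else "bind DN outside every loaded suffix: wrong config loaded",
                })
            bind_dn = None
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_TRACE):
        print(finding)
```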
Old 03-14-2011, 09:21 PM   #9
salarzai
LQ Newbie
 
Registered: Mar 2011
Posts: 1

Rep: Reputation: 0
I have exactly the same problem; however, I could not solve it. Please, sanjaydelhi, if you can spare some time, kindly help me out with how to resolve this.
Cheers,
 
Old 03-16-2011, 10:29 AM   #10
sanjaydelhi
Member
 
Registered: Sep 2010
Location: India
Distribution: Ubuntu
Posts: 39

Original Poster
Rep: Reputation: 2
Oh, I came to LQ after a long time.

Right now I am not doing R&D on OpenLDAP. But I installed OpenLDAP on Ubuntu 10.10 multiple times and ran it with the method I just described above. In Ubuntu 10.10, after installing OpenLDAP through the package installer, you will have to manually add a few files to your OpenLDAP installation. You will have to find out the location of the files yourself because I have forgotten it now. Otherwise install OpenLDAP on Ubuntu 9.04. It works okay in Ubuntu 9.04.

Good luck.


[Edit]
I tried to attach a file, but it looks like zip files are not allowed, so I will write the names of those files here:
id2entry.bdb
dn2id.bdb
DB_CONFIG

Note that I did not find the OpenLDAP documentation sufficient.

Last edited by sanjaydelhi; 03-16-2011 at 10:36 AM.
 
  

