Unable to login to phpldapadmin - Linux
Hi,
I would like to log in to the phpldapadmin which was set up in our environment. Whoever had the account no longer works for the company and I need to either create a new account or reset the password for the existing account.

When I'm trying to create a new account on ldap, I'm getting the below issue.

Enter LDAP Password:
ldap_bind: Invalid credentials (49)

I created a new password using the slappasswd utility and updated the rootpw entry in /etc/openldap/slapd.conf and restarted /etc/init.d/ldap, but still the new LDAP password is not working.

Here is my slapd.conf file
----------------------------------------------------
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openssh-lpk.schema
include /etc/openldap/schema/schema.OpenLDAP
include /etc/openldap/schema/mydyngroup.schema

# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath /usr/lib64/openldap

# Modules available in openldap-servers-overlays RPM package
# Module syncprov.la is now statically linked with slapd and there
# is no need to load it here
# moduleload accesslog.la
# moduleload auditlog.la
# moduleload denyop.la
# moduleload dyngroup.la
moduleload dynlist.la

# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
TLSCACertificateFile /etc/pki/tls/certs/slapd-chain.pem
TLSCertificateFile /etc/pki/tls/hostkeys/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/hostkeys/slapd.key

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
security ssf=256

# rootdn can always read and write EVERYTHING!
access to attrs=userPassword
    by self write
    by dn.one="ou=ldapAdmins,dc=ec2,dc=scloud,dc=com" write
    by * auth
access to *
    by dn.one="ou=ldapAdmins,dc=ec2,dc=scloud,dc=com" write
    by anonymous read
    by self write
    by * read
#by tls_ssf=256 ssf=256 anonymous auth
#by tls_ssf=256 ssf=256 self write
#by * none

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
suffix "dc=ec2,dc=supervalucloud,dc=com"
rootdn "cn=ldapadm,dc=ec2,dc=scloud,dc=com"
rootpw "{SSHA}HTyhL3asN+cPtCkvPWVbG64vrX8p2QJw"
#rootpw "{SSHA}3hO3PnDPLCWhkgX/AMOvQGRVfVJsuGOn"
#rootdn "cn=ldapadm,dc=ec2,dc=supervalu,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
#rootpw {CRYPT}AtiB5uZmzWOyY

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
dirtyread

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index sudoUser eq,pres,sub
index member eq,pres

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM

overlay dynlist
dynlist-attrset groupOfURLs memberURL
---------------------------------------------------------------
Thanks for your reply...

I can do ldapsearch and it returns the o/p. But if I'm trying to add a user, I'm getting the below error:

root@ldap02 /usr/local/sbin # addldapuser vkal003
Enter LDAP Password:
ldap_bind: Confidentiality required (13)
        additional info: confidentiality required

root@ldap02 /usr/local/sbin # ldapadd -x -D "cn=ldapadm,dc=ec2,dc=svalucloud,dc=com" -W -f /tmp/newentry
Enter LDAP Password:
ldap_bind: Confidentiality required (13)
        additional info: confidentiality required

/tmp/newentry is the file I created and added the below values.

root@ldap02 /usr/local/sbin # cat /tmp/newentry
dn: cn=john peter,dc=ec2,dc=scloud,dc=com
ou: people
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: ldapPublicKey
objectClass: top
cn: John Peter
sn: apal01e
title: User
mail: john.peter@scloud.com
uid: jpete01

I also can't change the password with ldappasswd and am getting the same error.

root@ldap02 /usr/local/sbin # ldappasswd -x -W -D "cn=ldapadm,dc=ec2,dc=scloud,dc=com" "cn=bbar02c,ou=ldapAdmins,dc=ec2,dc=scloud,dc=com"
Enter LDAP Password:
ldap_bind: Confidentiality required (13)
        additional info: confidentiality required

Could you please help me on that?
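
An added example, not part of the thread: a small checker for the slapd.conf directives that matter to the two errors quoted above. It flags a `security` strength requirement (connections below that strength are refused with error 13), a `rootpw` whose `rootdn` is outside the database `suffix` (slapd.conf(5) only allows `rootpw` when the rootdn is within the suffix), and a cleartext `rootpw`. The function names and the sample configuration are constructed for illustration; the sample uses placeholder values, not the poster's.

```python
import re
import shlex

# Constructed sample: same directives as the posted file, placeholder values.
SAMPLE_CONF = """\
security ssf=256
database bdb
suffix "dc=ec2,dc=example,dc=com"
rootdn "cn=ldapadm,dc=ec2,dc=example,dc=org"
rootpw "{SSHA}PLACEHOLDER"
"""

def sections(text):
    """Split slapd.conf text into [global, db1, ...]; each maps directive -> list of arg lists."""
    logical = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues the previous line
        elif raw.strip():
            logical.append(raw.strip())
    out = [{}]
    for line in (l for l in logical if not l.startswith("#")):
        key, *args = shlex.split(line)
        if key.lower() == "database":
            out.append({})  # every "database" line opens a new section
        out[-1].setdefault(key.lower(), []).append(args)
    return out

def dn_parts(dn):
    return [p.strip().lower() for p in dn.split(",")]  # simplified: no escaped commas

def check(text):
    """Return a list of (code, detail) findings."""
    findings = []
    for sec in sections(text):
        for args in sec.get("security", []):
            for factor, bits in re.findall(r"(\w+)=([1-9]\d*)", " ".join(args)):
                findings.append(("ssf-required", f"{factor}>={bits}: use ldaps:// or StartTLS (-ZZ)"))
        suffixes = [dn_parts(a[0]) for a in sec.get("suffix", [])]
        for a in sec.get("rootdn", []):
            root = dn_parts(a[0])
            if "rootpw" in sec and not any(root[-len(s):] == s for s in suffixes):
                findings.append(("rootdn-outside-suffix", a[0]))
        for a in sec.get("rootpw", []):
            if not a[0].startswith("{"):
                findings.append(("cleartext-rootpw", "hash it with slappasswd"))
    return findings

if __name__ == "__main__":
    print(check(SAMPLE_CONF))
```

With `security ssf=256` in force, a client has to negotiate TLS at that strength before binding, for example by adding `-ZZ` (require StartTLS) to `ldapadd`, `ldappasswd` or `ldapsearch`, or by connecting to an `ldaps://` URI.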