05-22-2012, 09:30 AM #1
LQ Newbie
Registered: May 2012
Posts: 8
Unable to login to phpldapadmin - Linux
Hi,
I would like to log in to the phpldapadmin which was set up in our environment. Whoever had the account no longer works for the company, and I need to either create a new account or reset the password for the existing account.
When I'm trying to create a new account on LDAP, I'm getting the below issue.
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
I created a new password using the slappasswd utility, updated the rootpw entry in /etc/openldap/slapd.conf and restarted /etc/init.d/ldap, but still the new LDAP password is not working.
Here is my slapd.conf file
----------------------------------------------------
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openssh-lpk.schema
include /etc/openldap/schema/schema.OpenLDAP
include /etc/openldap/schema/mydyngroup.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib64/openldap
# Modules available in openldap-servers-overlays RPM package
# Module syncprov.la is now statically linked with slapd and there
# is no need to load it here
# moduleload accesslog.la
# moduleload auditlog.la
# moduleload denyop.la
# moduleload dyngroup.la
moduleload dynlist.la
# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
TLSCACertificateFile /etc/pki/tls/certs/slapd-chain.pem
TLSCertificateFile /etc/pki/tls/hostkeys/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/hostkeys/slapd.key
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
security ssf=256
# rootdn can always read and write EVERYTHING!
access to attrs=userPassword
    by self write
    by dn.one="ou=ldapAdmins,dc=ec2,dc=scloud,dc=com" write
    by * auth
access to *
    by dn.one="ou=ldapAdmins,dc=ec2,dc=scloud,dc=com" write
    by anonymous read
    by self write
    by * read
#by tls_ssf=256 ssf=256 anonymous auth
#by tls_ssf=256 ssf=256 self write
#by * none
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=ec2,dc=supervalucloud,dc=com"
rootdn "cn=ldapadm,dc=ec2,dc=scloud,dc=com"
rootpw "{SSHA}HTyhL3asN+cPtCkvPWVbG64vrX8p2QJw"
#rootpw "{SSHA}3hO3PnDPLCWhkgX/AMOvQGRVfVJsuGOn"
#rootdn "cn=ldapadm,dc=ec2,dc=supervalu,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
#rootpw {CRYPT}AtiB5uZmzWOyY
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
dirtyread
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index sudoUser eq,pres,sub
index member eq,pres
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM
overlay dynlist
dynlist-attrset groupOfURLs memberURL
---------------------------------------------------------------

05-22-2012, 01:19 PM #2
Member
Registered: Apr 2012
Location: /root
Distribution: Ubuntu, Redhat, Fedora, CentOS
Posts: 190
Quote:
Originally Posted by itz4vj
Hi,
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=ec2,dc=supervalucloud,dc=com"
rootdn "cn=ldapadm,dc=ec2,dc=scloud,dc=com"
rootpw "{SSHA}HTyhL3asN+cPtCkvPWVbG64vrX8p2QJw"
#rootpw "{SSHA}3hO3PnDPLCWhkgX/AMOvQGRVfVJsuGOn"
#rootdn "cn=ldapadm,dc=ec2,dc=supervalu,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
#rootpw {CRYPT}AtiB5uZmzWOyY

Are you using the correct suffix here? The suffix seems different from the rootdn? Are you able to log in, or use it with the ldapsearch command?

05-22-2012, 02:31 PM #3
LQ Newbie
Registered: May 2012
Posts: 8
Original Poster
Quote:
Originally Posted by em31amit
Are you using the correct suffix here? The suffix seems different from the rootdn? Are you able to log in, or use it with the ldapsearch command?

Thanks for your reply... I can do ldapsearch and it returns the o/p.
But if I'm trying to add a user, I'm getting the below error:
root@ldap02 /usr/local/sbin # addldapuser vkal003
Enter LDAP Password:
ldap_bind: Confidentiality required (13)
additional info: confidentiality required
root@ldap02 /usr/local/sbin # ldapadd -x -D "cn=ldapadm,dc=ec2,dc=svalucloud,dc=com" -W -f /tmp/newentry
Enter LDAP Password:
ldap_bind: Confidentiality required (13)
additional info: confidentiality required
/tmp/newentry is the file I created, and I added the below values.
root@ldap02 /usr/local/sbin # cat /tmp/newentry
dn: cn=john peter,dc=ec2,dc=scloud,dc=com
ou: people
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: ldapPublicKey
objectClass: top
cn: John Peter
sn: apal01e
title: User
mail: john.peter@scloud.com
uid: jpete01
I also can't change the ldappasswd and am getting the same error.
root@ldap02 /usr/local/sbin # ldappasswd -x -W -D "cn=ldapadm,dc=ec2,dc=scloud,dc=com" "cn=bbar02c,ou=ldapAdmins,dc=ec2,dc=scloud,dc=com"
Enter LDAP Password:
ldap_bind: Confidentiality required (13)
additional info: confidentiality required
Could you please help me with that?

05-25-2012, 04:14 PM #4
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,224
Hi,
Quote:
ldap_bind: Confidentiality required (13)
You should add a -Z (or -ZZ) in your ldap commands, or if you don't want tls, comment out the following lines:
Quote:
TLSCACertificateFile /etc/pki/tls/certs/slapd-chain.pem
TLSCertificateFile /etc/pki/tls/hostkeys/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/hostkeys/slapd.key
security ssf=256
Regards
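
The two configuration points raised in the replies above (rootdn versus suffix, and security ssf=256), together with the {SSHA} rootpw format, as a small Python checker. This is an added example, not code from the thread or from OpenLDAP; the function names are hypothetical, the sample is an excerpt of the posted slapd.conf, and the parser assumes a single database section with one-line directives.

```python
import base64, hashlib, hmac, re

# Excerpt of the slapd.conf posted in the thread (only directives checked below).
SAMPLE_CONF = '''\
security ssf=256
database bdb
suffix "dc=ec2,dc=supervalucloud,dc=com"
rootdn "cn=ldapadm,dc=ec2,dc=scloud,dc=com"
rootpw "{SSHA}HTyhL3asN+cPtCkvPWVbG64vrX8p2QJw"
'''

def parse(conf):
    """Map directive -> value for uncommented, unindented lines (last one wins)."""
    out = {}
    for line in conf.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and line[0].isalpha():
            out[parts[0].lower()] = parts[1].strip().strip('"')
    return out

def norm_dn(dn):
    """Case-fold and trim each RDN; enough for simple DNs without escaped commas."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def check_ssha(stored, candidate):
    """True if candidate matches a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    if not stored.upper().startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[6:])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(candidate.encode() + salt).digest(), digest)

def lint(conf):
    """Return findings for the issues discussed in the thread."""
    d, findings = parse(conf), []
    suffix, rootdn = norm_dn(d.get("suffix", "")), norm_dn(d.get("rootdn", ""))
    if "rootpw" in d and not (rootdn == suffix or rootdn.endswith("," + suffix)):
        findings.append("rootdn is outside suffix: slapd.conf(5) allows rootpw only "
                        "when rootdn is within the database suffix")
    ssf = re.search(r"\bssf=(\d+)", d.get("security", ""))
    if ssf and int(ssf.group(1)) > 0:
        findings.append("security ssf=%s: a bind without TLS has SSF 0 and fails with "
                        "'Confidentiality required (13)'; use -ZZ or ldaps://" % ssf.group(1))
    if "rootpw" in d and not d["rootpw"].startswith("{"):
        findings.append("rootpw is cleartext: store a slappasswd hash instead")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF):
        print("-", finding)
```

Adding -ZZ satisfies security ssf=256 only if the negotiated TLS cipher is itself 256-bit; a 128-bit cipher still produces error 13. check_ssha lets you confirm that the hash pasted into rootpw really corresponds to the password you are typing at the prompt.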