I would like to log in to the phpldapadmin which was set up in our environment. Whoever had the account no longer works for the company and I need to either create a new account or reset the password for the existing account.
When I'm trying to create a new account on LDAP, I'm getting the below issue.
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
I created a new password using the slappasswd utility, updated the rootpw entry in /etc/openldap/slapd.conf and restarted /etc/init.d/ldap, but the new LDAP password is still not working.
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openssh-lpk.schema
include /etc/openldap/schema/schema.OpenLDAP
include /etc/openldap/schema/mydyngroup.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
# Modules available in openldap-servers-overlays RPM package
# Module syncprov.la is now statically linked with slapd and there
# is no need to load it here
# moduleload accesslog.la
# moduleload auditlog.la
# moduleload denyop.la
# moduleload dyngroup.la
moduleload dynlist.la
# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
TLSCACertificateFile /etc/pki/tls/certs/slapd-chain.pem
TLSCertificateFile /etc/pki/tls/hostkeys/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/hostkeys/slapd.key
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
security ssf=256
# rootdn can always read and write EVERYTHING!
access to attrs=userPassword
    by self write
    by dn.one="ou=ldapAdmins,dc=ec2,dc=scloud,dc=com" write
    by * auth
access to *
    by dn.one="ou=ldapAdmins,dc=ec2,dc=scloud,dc=com" write
    by anonymous read
    by self write
    by * read
#by tls_ssf=256 ssf=256 anonymous auth
#by tls_ssf=256 ssf=256 self write
#by * none
#rootpw "{SSHA}3hO3PnDPLCWhkgX/AMOvQGRVfVJsuGOn"
#rootdn "cn=ldapadm,dc=ec2,dc=supervalu,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
#rootpw {CRYPT}AtiB5uZmzWOyY
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
dirtyread
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index sudoUser eq,pres,sub
index member eq,pres
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM
#rootpw "{SSHA}3hO3PnDPLCWhkgX/AMOvQGRVfVJsuGOn"
#rootdn "cn=ldapadm,dc=ec2,dc=supervalu,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
#rootpw {CRYPT}AtiB5uZmzWOyY
Are you using the correct suffix here? The suffix seems different from the rootdn? Are you able to log in or use it with the ldapsearch command?
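The check the reply asks about, as an added example that is not part of the original thread: a small Python audit that parses slapd.conf-style text and reports whether an active rootdn and rootpw exist and whether the rootdn sits under the database suffix, which slapd.conf(5) requires for rootpw to apply. In the configuration as posted every rootdn and rootpw line is commented out, and the commented rootdn uses dc=supervalu while the ACLs use dc=scloud; the function names, the sample text, its suffix line and the placeholder hash are assumptions made for illustration.

```python
import shlex

def parse_directives(text):
    """Active (keyword, args) pairs from slapd.conf-style text."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        # slapd.conf(5): continuation lines are unwrapped before '#' comments drop.
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    active = [l for l in logical if not l.startswith("#")]
    return [(p[0].lower(), p[1:]) for p in map(shlex.split, active)]

def dn_parts(dn):
    # Simplified normalisation: ignores escaped commas, compares lowercase.
    return [rdn.strip().lower() for rdn in dn.split(",")]

def audit_root(text):
    """Config-only reasons a rootdn bind could fail (single database assumed)."""
    conf = {}
    for key, args in parse_directives(text):
        if key in ("suffix", "rootdn", "rootpw") and args:
            conf.setdefault(key, args[0])
    findings = []
    if "rootdn" not in conf:
        findings.append("no active rootdn")
    if "rootpw" not in conf:
        findings.append("no active rootpw")
    elif not conf["rootpw"].startswith("{"):
        findings.append("rootpw is cleartext")
    if "rootdn" in conf and "suffix" in conf:
        suffix, root = dn_parts(conf["suffix"]), dn_parts(conf["rootdn"])
        if root[-len(suffix):] != suffix:
            findings.append("rootdn is not under suffix")
    return findings

# Constructed sample; the suffix line is an assumption (the post shows none).
SAMPLE_AS_POSTED = '''\
suffix "dc=ec2,dc=scloud,dc=com"
access to attrs=userPassword
    by * auth
#rootpw "{SSHA}CONSTRUCTED-PLACEHOLDER"
#rootdn "cn=ldapadm,dc=ec2,dc=supervalu,dc=com"
'''
SAMPLE_UNCOMMENTED = SAMPLE_AS_POSTED.replace("#root", "root")
if __name__ == "__main__":
    print(audit_root(SAMPLE_AS_POSTED), audit_root(SAMPLE_UNCOMMENTED))
```

An empty result only says the file is internally consistent; the bind itself still has to be tested against the running server with the rootdn.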