Old 03-08-2011, 07:37 PM   #1
craigmyster
LQ Newbie
 
Registered: Feb 2011
Posts: 13

Rep: Reputation: 0
openldap 2.3.43 directory read only user


I am very new to OpenLDAP but got users added into the People ou and have authentication working over TLS. I have no ACLs in place yet but want to use a user called ldap-auth-user to bind to the LDAP servers directory from the client servers. However, I keep on getting the error ldap_bind: Invalid credentials (49). I know the UserPassword is correct because I can log into a server using that id and password through the LDAP directory. I am guessing it has something to do with the way I created the account.

This Works:
ldapsearch -D 'cn=Manager,dc=test,dc=com' -x 'uid=testuser' -W

This Doesn't:
ldapsearch -D 'cn=ldap-auth-user,dc=test,dc=com' -x 'uid=testuser' -W

Here is the ldap-auth-user's entry in the directory:

[root@ldap-build-01 ~]# ldapsearch -D 'cn=Manager,dc=test,dc=com' -x 'uid=ldap-auth-user' -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: uid=ldap-auth-user
# requesting: ALL
#

# ldap-auth-user, People, glbb.jp
dn: uid=ldap-auth-user,ou=People,dc=test,dc=com
uid:: bGRhcC1hdXRoLXVzZXIg
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e1NTSEF9VVU4eWQ1WDZkbGc5U2JOc21JSHR5YzkzazBwTzdOWjA=
shadowLastChange: 15008
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 503
gidNumber: 1000
homeDirectory: /home/ldap-auth-user
cn: ldap-auth-user
gecos: ldap-auth-user

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@ldap-build-01 ~]#
 
Old 03-08-2011, 10:24 PM   #2
quanta
Member
 
Registered: Aug 2007
Location: Vietnam
Distribution: RedHat based, Debian based, Slackware, Gentoo
Posts: 724

Rep: Reputation: 101
The binddn you use on the command line is different from the dn in the LDIF content:

Code:
This Doesn't:
 ldapsearch -D 'cn=ldap-auth-user,dc=test,dc=com' -x 'uid=testuser' -W
Code:
# ldap-auth-user, People, glbb.jp
dn: uid=ldap-auth-user,ou=People,dc=test,dc=com
uid:: bGRhcC1hdXRoLXVzZXIg
Which attribute do you want to use to authenticate: cn or uid?

Try this:
Code:
ldapsearch -D 'uid=ldap-auth-user,ou=People,dc=test,dc=com' -x 'uid=testuser' -W
Remember to input the password of ldap-auth-user, not the rootdn.
 
Old 03-09-2011, 02:27 AM   #3
craigmyster
LQ Newbie
 
Registered: Feb 2011
Posts: 13

Original Poster
Rep: Reputation: 0
Thank you. Didn't realize you needed to specify the OU also. Kind of curious why I cannot bind with the cn though. The cn is ldap-auth-user just like the uid.
 
Old 03-09-2011, 02:43 AM   #4
quanta
Member
 
Registered: Aug 2007
Location: Vietnam
Distribution: RedHat based, Debian based, Slackware, Gentoo
Posts: 724

Rep: Reputation: 101
Quote:
Originally Posted by craigmyster
Kind of curious why I cannot bind with the cn though. The cn is ldap-auth-user just like the uid.
Because there is no dn with the name 'cn=ldap-auth-user,ou=People,dc=test,dc=com' in your LDAP directory.
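
The point made in the replies above, that a simple bind must name the entry's exact DN and not just an attribute the entry happens to carry, as an added example (not code from the thread): it parses an LDIF entry like the one posted and reports how a candidate bind DN differs from the entry's dn. The sample LDIF is constructed from the thread's entry, and the function names are assumptions of this example.

```python
import base64
import re

# Constructed sample: trimmed ldapsearch output modelled on the entry in the thread.
SAMPLE_LDIF = """\
dn: uid=ldap-auth-user,ou=People,dc=test,dc=com
uid:: bGRhcC1hdXRoLXVzZXIg
cn: ldap-auth-user
"""

def parse_entry(ldif):
    """Parse one LDIF entry into {attr: [values]}, unfolding lines and decoding base64."""
    entry = {}
    for line in re.sub(r"\n ", "", ldif).splitlines():
        if line.startswith("#") or ":" not in line:
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):  # "::" marks a base64-encoded value; keep it untrimmed
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(attr.lower(), []).append(value)
    return entry

def split_dn(dn):
    """Split a DN into (type, value) pairs. Simplified: single-valued RDNs only."""
    parts = (rdn.partition("=") for rdn in re.split(r"(?<!\\),", dn))
    return [(t.strip(), v.strip()) for t, _, v in parts]

def norm(pairs):
    # uid, cn, ou and dc all use case-insensitive matching.
    return [(t.lower(), v.lower()) for t, v in pairs]

def check_bind_dn(bind_dn, ldif):
    """Return why bind_dn does not name the entry; an empty list means it does."""
    want, got = split_dn(parse_entry(ldif)["dn"][0]), split_dn(bind_dn)
    if norm(got) == norm(want):
        return []
    problems = []
    if norm(got)[:1] != norm(want)[:1]:
        problems.append("first RDN is %s=%s, entry is named by %s=%s" % (got[0] + want[0]))
    for t, v in want[1:]:
        if (t.lower(), v.lower()) not in norm(got)[1:]:
            problems.append("missing component %s=%s" % (t, v))
    return problems or ["components differ in number or order"]
```

OpenLDAP answers a bind to a nonexistent DN with the same Invalid credentials (49) as a wrong password, so the result code alone does not say which of the two happened. The uid:: line decodes to the value followed by a trailing space, which is why ldapsearch printed it in base64.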